FreeBSD : GNU libtool insecure temporary file handling (cacaffbc-5e64-11d8-80e3-0020ed76ef5a)
High Nessus Plugin ID 37213
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
libtool attempts to create a temporary directory in which to write scratch files needed during processing. A malicious user may create a symlink and then manipulate the directory so as to write to files to which she normally has no permissions.
This has been reported as a "symlink vulnerability", although I do not think that is an accurate description.
This vulnerability could possibly be used on a multi-user system to gain elevated privileges, e.g. root builds some packages, and another user successfully exploits this vulnerability to write to a system file.
Solution
Update the affected packages.
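
One defensive pattern for the scratch-directory step described above, as an added example (it is not libtool's code and not the fix shipped in the updated packages). The helper names `claim_dir` and `scratch_dir` are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helpers for creating a private scratch
# directory in a world-writable location such as /tmp.

# claim_dir PATH: create PATH as a brand-new directory with mode 0700.
# mkdir without -p fails if PATH already exists in any form (file,
# directory, or symlink, dangling or not), so a name that another user
# planted in advance is never adopted.
claim_dir() {
    ( umask 077 && mkdir -- "$1" ) 2>/dev/null || return 1
    # Defence in depth: the result must be a real directory, not a symlink.
    [ -d "$1" ] && [ ! -L "$1" ]
}

# scratch_dir PREFIX: print the path of a fresh private scratch directory,
# or return non-zero without printing anything.
scratch_dir() {
    base=${TMPDIR:-/tmp}
    # Preferred: mktemp -d chooses an unpredictable name and creates the
    # directory atomically with mode 0700.
    if d=$(mktemp -d "$base/$1.XXXXXXXXXX" 2>/dev/null); then
        printf '%s\n' "$d"
        return 0
    fi
    # Fallback where mktemp is unavailable: the name is predictable, so
    # the only safe outcome is "created by us just now" or failure.
    d="$base/$1-$$"
    claim_dir "$d" || return 1
    printf '%s\n' "$d"
}
```

A caller should abort when `scratch_dir` fails rather than retry with the same name or fall back to writing in the shared directory.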