FreeBSD : webmin -- insecure temporary file creation at installation time (ae7b7f65-05c7-11d9-b45d-000c41e2cdad)
Low Nessus Plugin ID 37792
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe Webmin developers documented a security issue in the release notes for version 1.160 :
Fixed a security hole in the maketemp.pl script, used to create the /tmp/.webmin directory at install time. If an un-trusted user creates this directory before Webmin is installed, he could create in it a symbolic link pointing to a critical file on the system, which would be overwritten when Webmin writes to the link filename.
SolutionUpdate the affected package.