FreeBSD : FreeBSD -- Inappropriate directory permissions in freebsd-update(8) (6e87b696-ca3e-11df-aade-0050568f000c)
High Nessus Plugin ID 50332
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionWhen downloading updates to FreeBSD via 'freebsd-update fetch' or 'freebsd-update upgrade', the freebsd-update(8) utility copies currently installed files into its working directory (/var/db/freebsd-update by default) both for the purpose of merging changes to configuration files and in order to be able to roll back installed updates.
The default working directory used by freebsd-update(8) is normally created during the installation of FreeBSD with permissions which allow all local users to see its contents, and freebsd-update(8) does not take any steps to restrict access to files stored in said directory.
SolutionUpdate the affected packages.