FreeBSD : FreeBSD -- Multiple portsnap vulnerabilities (e7dcd69d-8ee6-11e6-a590-14dae9d210b8)

High Nessus Plugin ID 93944


The remote FreeBSD host is missing one or more security-related updates.


Flaws in portsnap's verification of downloaded tar files allow additional files to be included without causing the verification to fail. Portsnap may then use or execute these files.

Impact: An attacker who can conduct a man-in-the-middle attack on the network at the time when portsnap is run can cause portsnap to execute arbitrary commands under the credentials of the user who runs portsnap, typically root.


Update the affected packages.

Plugin Details

Severity: High

ID: 93944

File Name: freebsd_pkg_e7dcd69d8ee611e6a59014dae9d210b8.nasl

Version: $Revision: 2.1 $

Type: local

Published: 2016/10/11

Modified: 2016/10/11

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:FreeBSD, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Patch Publication Date: 2016/10/10

Vulnerability Publication Date: 2016/10/10

Reference Information

FreeBSD: SA-16:30.portsnap