CVE Vulnerabilities

CVE-2009-4358

Published: Dec 20, 2009 | Modified: Nov 21, 2024
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4.7 MEDIUM (AV:L/AC:M/Au:N/C:C/I:N/A:N)

freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freebsd | Freebsd | 6.3 (including) | 6.3 (including) |
| Freebsd | Freebsd | 6.4 (including) | 6.4 (including) |
| Freebsd | Freebsd | 7.1 (including) | 7.1 (including) |
| Freebsd | Freebsd | 7.2 (including) | 7.2 (including) |
| Freebsd | Freebsd | 8.0 (including) | 8.0 (including) |
