CVE-2009-4358

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-4358
freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.

4.7 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:N/A:N

Exploitability : 3.4 / Impact : 6.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/37575 Vendor Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc
http://www.securityfocus.com/bid/37190 Patch
http://secunia.com/advisories/37575 Vendor Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc
http://www.securityfocus.com/bid/37190 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.2:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:*
History

21 Nov 2024, 01:09

Type Values Removed Values Added
References () http://secunia.com/advisories/37575 - Vendor Advisory () http://secunia.com/advisories/37575 - Vendor Advisory
References () http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc - () http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc -
References () http://www.securityfocus.com/bid/37190 - Patch () http://www.securityfocus.com/bid/37190 - Patch
Information

Published : 2009-12-20 02:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-4358

Mitre link : CVE-2009-4358

CVE.ORG link : CVE-2009-4358

JSON object : View

Products Affected

freebsd

  • freebsd
CWE
CWE-264

Permissions, Privileges, and Access Controls