FreeBSD : claws-mail -- insecure temporary file creation (a59afa47-c930-11dc-810c-0016179b2dd5)

low Nessus Plugin ID 31082

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Nico Golde reports :

A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail.

Solution

Update the affected package.

See Also

https://security.gentoo.org/glsa/200801-03

http://www.nessus.org/u?eec274d1

Plugin Details

Severity: Low

ID: 31082

File Name: freebsd_pkg_a59afa47c93011dc810c0016179b2dd5.nasl

Version: 1.18

Type: local

Published: 2/14/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.0

CVSS v2

Risk Factor: Low

Base Score: 3.6

Temporal Score: 2.7

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:claws-mail

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 1/22/2008

Vulnerability Publication Date: 12/3/2007

Reference Information

CVE: CVE-2007-6208

BID: 26676

CWE: 59

Secunia: 27897