FreeBSD : FreeBSD -- Multiple portsnap vulnerabilities (e7dcd69d-8ee6-11e6-a590-14dae9d210b8)

high Nessus Plugin ID 93944

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Flaws in portsnap's verification of downloaded tar files allow additional files to be included without causing the verification to fail. Portsnap may then use or execute these files.

Impact: An attacker who can conduct a man-in-the-middle attack on the network at the time when portsnap is run can cause portsnap to execute arbitrary commands under the credentials of the user who runs portsnap, typically root.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?0d638d12

Plugin Details

Severity: High

ID: 93944

File Name: freebsd_pkg_e7dcd69d8ee611e6a59014dae9d210b8.nasl

Version: 2.3

Type: local

Published: 10/11/2016

Updated: 1/4/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/10/2016

Vulnerability Publication Date: 10/10/2016

Reference Information

FreeBSD: SA-16:30.portsnap