Lucene search

[email protected]CVE-2009-4358

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-4358

2022-10-0316:24:01

CWE-264

[email protected]

web.nvd.nist.gov

freebsd

freebsd-update

cve-2009-4358

security

vulnerability

nvd

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.

Affected configurations

NVD

Node

freebsdfreebsdMatch6.3

freebsdfreebsdMatch6.4

freebsdfreebsdMatch7.1

freebsdfreebsdMatch7.2

freebsdfreebsdMatch8.0

CPENameOperatorVersion
freebsd:freebsdfreebsdeq6.3
freebsd:freebsdfreebsdeq6.4
freebsd:freebsdfreebsdeq7.1
freebsd:freebsdfreebsdeq7.2
freebsd:freebsdfreebsdeq8.0

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	6.3
freebsd:freebsd	freebsd	eq	6.4
freebsd:freebsd	freebsd	eq	7.1
freebsd:freebsd	freebsd	eq	7.2
freebsd:freebsd	freebsd	eq	8.0

References

secunia.com/advisories/37575

security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc

www.securityfocus.com/bid/37190

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2009-4358

prion1 nvd1 cvelist1 openvas1