FreeBSD Ports: portupgrade

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD : portupgrade -- insecure temporary file handling vulnerability (22f00553-a09d-11d9-a788-0001020eed82)

Simon L. Nielsen discovered that portupgrade handles temporary files in an insecure manner. This could allow an unprivileged local attacker to execute arbitrary commands or overwrite arbitrary files with the permissions of the user running portupgrade, typically root, by way of a symlink attack...

CVE-2005-0610

CVE-2005-0610 affects FreeBSD portupgrade prior to 20041226_2. It describes three symlink-related issues: (1) allowing local attackers to overwrite files and potentially replace packages to execute arbitrary code via pkg_fetch, (2) overwriting files through temporary files during port/package upg...

portupgrade -- insecure temporary file handling vulnerability

Simon L. Nielsen discovered that portupgrade handles temporary files in an insecure manner. This could allow an unprivileged local attacker to execute arbitrary commands or overwrite arbitrary files with the permissions of the user running portupgrade, typically root, by way of a symlink attack...