4.7
CVE-2009-4358
- EPSS 0.27%
- Veröffentlicht 20.12.2009 02:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.188 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 3.4 | 6.9 |
AV:L/AC:M/Au:N/C:C/I:N/A:N
|
http://secunia.com/advisories/37575
http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc
http://www.securityfocus.com/bid/37190