FreeBSD Ports: Dia Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/33672 http://www.vuxml.org/freebsd/25eb365c-fd11-11dd-8424-c213de35965d.html

Insight

The following package is affected: dia CVE-2008-5984 Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

Severity

Classification

CVE CVE-2008-5984

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

FreeBSD Ports: asterisk
django -- cross-site scripting vulnerability
FreeBSD Ports: bzip2
FreeBSD Ports: bind9-sdb-ldap, bind9-sdb-postgresql
FreeBSD Ports: apr1

FreeBSD Ports: dia

Take action and discover your vulnerabilities