FreeBSD Security Advisory (FreeBSD-SA-05:20.cvsbug.asc) Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:20.cvsbug.asc

Solution

Upgrade your system to the appropriate stable release or security branch dated after the correction date https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-05:20.cvsbug.asc

Insight

cvsbug(1) is a utility for reporting problems in the CVS revision control system. It is based on the GNATS send-pr(1) utility. A temporary file is created, used, deleted, and then re-created with the same name. This creates a window during which an attacker could replace the file with a link to another file. While cvsbug(1) is based on the send-pr(1) utility, this problem does not exist in the version of send-pr(1) distributed with FreeBSD.

Severity

Classification

CVE CVE-2005-2693

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

django -- multiple vulnerabilities
FreeBSD Ports: bugzilla
FreeBSD Ports: bind9-sdb-ldap, bind9-sdb-postgresql
FreeBSD Ports: asterisk, asterisk-bristuff
FreeBSD Ports: clamav

Take action and discover your vulnerabilities