cve-2009-4358
Vulnerability from cvelistv5
Published
2009-12-20 02:00
Modified
2024-09-16 18:55
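Severity: MEDIUM (CVSS v2 base score 4.7, vector AV:L/AC:M/Au:N/C:C/I:N/A:N, per the NVD data embedded in the record below)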
EPSS score ?
Summary
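freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions on its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after (1) a freebsd-update fetch operation or (2) a freebsd-update upgrade operation. The impact is limited to confidentiality: the NVD data in the record scores it as local access, complete confidentiality impact, and no integrity or availability impact, and classifies the weakness as CWE-264. The vendor advisory FreeBSD-SA-09:17 (listed under References) supplies a patch that the record states has been verified to apply to FreeBSD 6.3, 6.4, 7.1, 7.2, and 8.0; the advisory instructs administrators to verify the patch's detached PGP signature before applying it.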
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:19.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FreeBSD-SA-09:17", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc" }, { "name": "37190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37190" }, { "name": "37575", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37575" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-20T02:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FreeBSD-SA-09:17", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc" }, { "name": "37190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37190" }, { "name": "37575", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37575" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4358", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FreeBSD-SA-09:17", "refsource": "FREEBSD", "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc" }, { "name": "37190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37190" }, { "name": "37575", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37575" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4358", "datePublished": "2009-12-20T02:00:00Z", "dateReserved": "2009-12-19T00:00:00Z", "dateUpdated": "2024-09-16T18:55:18.732Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2009-4358\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-12-20T02:30:00.547\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.\"},{\"lang\":\"es\",\"value\":\"FreeBSD-update en FreeBSD v8.0, v7.2, v7.1, v6.4, y v6.3 utiliza permisos inseguros en su directorio de trabajo (/var/db/Freebsd-update por defecto), lo que permite leer las copias de archivos confidenciales a usuarios locales despu\u00e9s de una operacion de actualizaci\u00f3n (1) freebsd-update (fetch) o (2) freebsd-update 
(upgrade).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:N/A:N\",\"baseScore\":4.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F702C46F-CA02-4FA2-B7D6-C61C2C095679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4F7F02A-C845-40BF-8490-510A070000F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803EFA9F-B7CB-4511-B1C1-381170CA9A23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F948527C-A01E-4315-80B6-47FACE18A34F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CF1F9EF-01AF-4708-AE02-765360AF3D66\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/37575\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/37190\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/37575\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/37190\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}],\"evaluatorSolution\":\"Per: http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc\\r\\n\\r\\n\\\"2) To patch your present system:\\r\\n\\r\\nThe following patch has been verified to apply to FreeBSD 6.3, 6.4,\\r\\n7.1, 7.2, and 8.0 systems.\\r\\n\\r\\na) Download the relevant patch from the location below, and verify the\\r\\ndetached PGP signature using your PGP utility.\\r\\n\\r\\n# fetch http://security.FreeBSD.org/patches/SA-09:17/freebsd-update.patch\\r\\n# fetch http://security.FreeBSD.org/patches/SA-09:17/freebsd-update.patch.asc\\\"\"}}" } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.