CVE-2009-4358
FreeBSD - Unprotected User Data Exposure via Insecure Working Directory Permissions
freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.
References (3)
Core References
Various Sources [vendor-advisory, x_refsource_freebsd]: http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc
Patch [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/37190
Vendor Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/37575
Scores
EPSS: 0.0005
EPSS Percentile: 14.3%
Details
CWE: CWE-264
Status: published
Products (5)
freebsd/freebsd 6.3
freebsd/freebsd 6.4
freebsd/freebsd 7.1
freebsd/freebsd 7.2
freebsd/freebsd 8.0
Published: Dec 20, 2009
Tracked Since: Feb 18, 2026