CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-4358

freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.4%

CVSS Severity

CVSS v2 Score 4.7

References

http://secunia.com/advisories/37575
http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc
http://www.securityfocus.com/bid/37190
http://secunia.com/advisories/37575
http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc
http://www.securityfocus.com/bid/37190

Products affected by CVE-2009-4358

Freebsd » Freebsd » Version: 6.3

cpe:2.3:o:freebsd:freebsd:6.3
Freebsd » Freebsd » Version: 6.4

cpe:2.3:o:freebsd:freebsd:6.4
Freebsd » Freebsd » Version: 7.1

cpe:2.3:o:freebsd:freebsd:7.1
Freebsd » Freebsd » Version: 7.2

cpe:2.3:o:freebsd:freebsd:7.2
Freebsd » Freebsd » Version: 8.0

cpe:2.3:o:freebsd:freebsd:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-4358

Products

Pricing

Contact Us