Multiple symlink vulnerabilities in portupgrade prior to 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
freebsd freebsd 4.10 |
||
freebsd freebsd 4.11 |
||
freebsd freebsd 4.5 |
||
freebsd freebsd 4.8 |
||
freebsd freebsd 4.9 |
||
freebsd freebsd 5.3 |
||
freebsd freebsd 4.1 |
||
freebsd freebsd 4.1.1 |
||
freebsd freebsd 4.2 |
||
freebsd freebsd 4.3 |
||
freebsd freebsd 4.4 |
||
freebsd freebsd 4.6.2 |
||
freebsd freebsd 4.6 |
||
freebsd freebsd 4.7 |
||
freebsd freebsd 5.0 |
||
freebsd freebsd 5.1 |
||
freebsd freebsd 5.2.1 |
||
freebsd freebsd 5.4 |
||
freebsd freebsd 4.0 |
||
freebsd freebsd 5.2 |
Vulmon