nvd-json-data-feeds/CVE-2009/CVE-2009-43xx/CVE-2009-4358.json

{
  "id": "CVE-2009-4358",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2009-12-20T02:30:00.547",
  "lastModified": "2024-11-21T01:09:26.580",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation."
    },
    {
      "lang": "es",
      "value": "FreeBSD-update en FreeBSD v8.0, v7.2, v7.1, v6.4, y v6.3 utiliza permisos inseguros en su directorio de trabajo (/var/db/Freebsd-update por defecto), lo que permite leer las copias de archivos confidenciales a usuarios locales  despu\u00e9s de una operacion de actualizaci\u00f3n (1) freebsd-update (fetch) o (2) freebsd-update (upgrade)."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
          "baseScore": 4.7,
          "accessVector": "LOCAL",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.4,
        "impactScore": 6.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F702C46F-CA02-4FA2-B7D6-C61C2C095679"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4F7F02A-C845-40BF-8490-510A070000F3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "803EFA9F-B7CB-4511-B1C1-381170CA9A23"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:freebsd:freebsd:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F948527C-A01E-4315-80B6-47FACE18A34F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CF1F9EF-01AF-4708-AE02-765360AF3D66"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://secunia.com/advisories/37575",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/37190",
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "http://secunia.com/advisories/37575",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.securityfocus.com/bid/37190",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ]
    }
  ],
  "evaluatorSolution": "Per: http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc\r\n\r\n\"2) To patch your present system:\r\n\r\nThe following patch has been verified to apply to FreeBSD 6.3, 6.4,\r\n7.1, 7.2, and 8.0 systems.\r\n\r\na) Download the relevant patch from the location below, and verify the\r\ndetached PGP signature using your PGP utility.\r\n\r\n# fetch http://security.FreeBSD.org/patches/SA-09:17/freebsd-update.patch\r\n# fetch http://security.FreeBSD.org/patches/SA-09:17/freebsd-update.patch.asc\""
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2009-4358",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2009-12-20T02:30:00.547",`
Auto-Update: 2024-11-22T11:10:47.014226+00:00 2024-11-22 11:14:00 +00:00			`"lastModified": "2024-11-21T01:09:26.580",`
			`"vulnStatus": "Modified",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"cveTags": [],`
bootstrap 2023-04-24 12:24:31 +02:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "FreeBSD-update en FreeBSD v8.0, v7.2, v7.1, v6.4, y v6.3 utiliza permisos inseguros en su directorio de trabajo (/var/db/Freebsd-update por defecto), lo que permite leer las copias de archivos confidenciales a usuarios locales despu\u00e9s de una operacion de actualizaci\u00f3n (1) freebsd-update (fetch) o (2) freebsd-update (upgrade)."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",`
Auto-Update: 2024-11-22T11:10:47.014226+00:00 2024-11-22 11:14:00 +00:00			`"baseScore": 4.7,`
bootstrap 2023-04-24 12:24:31 +02:00			`"accessVector": "LOCAL",`
			`"accessComplexity": "MEDIUM",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "COMPLETE",`
			`"integrityImpact": "NONE",`
Auto-Update: 2024-11-22T11:10:47.014226+00:00 2024-11-22 11:14:00 +00:00			`"availabilityImpact": "NONE"`
bootstrap 2023-04-24 12:24:31 +02:00			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 3.4,`
			`"impactScore": 6.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-264"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:freebsd:freebsd:6.3:::::::*",`
			`"matchCriteriaId": "F702C46F-CA02-4FA2-B7D6-C61C2C095679"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:freebsd:freebsd:6.4:::::::*",`
			`"matchCriteriaId": "A4F7F02A-C845-40BF-8490-510A070000F3"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:::::::*",`
			`"matchCriteriaId": "803EFA9F-B7CB-4511-B1C1-381170CA9A23"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:freebsd:freebsd:7.2:::::::*",`
			`"matchCriteriaId": "F948527C-A01E-4315-80B6-47FACE18A34F"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:freebsd:freebsd:8.0:::::::*",`
			`"matchCriteriaId": "3CF1F9EF-01AF-4708-AE02-765360AF3D66"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
Auto-Update: 2024-04-04T08:42:25.815847+00:00 2024-04-04 08:46:00 +00:00			`{`
			`"url": "http://secunia.com/advisories/37575",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
			`},`
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/bid/37190",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Patch"`
			`]`
Auto-Update: 2024-11-22T11:10:47.014226+00:00 2024-11-22 11:14:00 +00:00			`},`
			`{`
			`"url": "http://secunia.com/advisories/37575",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
			`},`
			`{`
			`"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/bid/37190",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Patch"`
			`]`
bootstrap 2023-04-24 12:24:31 +02:00			`}`
Auto-Update: 2024-11-22T11:10:47.014226+00:00 2024-11-22 11:14:00 +00:00			`],`
			"evaluatorSolution": "Per: http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc\r\n\r\n\"2) To patch your present system:\r\n\r\nThe following patch has been verified to apply to FreeBSD 6.3, 6.4,\r\n7.1, 7.2, and 8.0 systems.\r\n\r\na) Download the relevant patch from the location below, and verify the\r\ndetached PGP signature using your PGP utility.\r\n\r\n# fetch http://security.FreeBSD.org/patches/SA-09:17/freebsd-update.patch\r\n# fetch http://security.FreeBSD.org/patches/SA-09:17/freebsd-update.patch.asc\""
bootstrap 2023-04-24 12:24:31 +02:00			`}`