CVE-2009-4358 Information

Description

freebsd-update in FreeBSD 8.0 7.2 7.1 6.4 and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default) which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.

Reference

http://secunia.com/advisories/37575 http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc http://www.securityfocus.com/bid/37190