This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2026-03-03 16:31:49 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|---|
| fa9ae646-debc-11ef-87ba-002590c1f29c | FreeBSD -- Unprivileged access to system filesProblem Description:When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as /etc/master.passwd. Impact:An unprivileged local user may be able to read encrypted root and user passwords from the temporary master.passwd file created in /var/db/etcupdate/conflicts. This is possible only when conflicts within the password file arise during an update, and the unprotected file is deleted when conflicts are resolved. Discovery 2025-01-29 Entry 2025-01-30 FreeBSD >= 14.2 lt 14.2_1 >= 14.1 lt 14.1_7 >= 13.4 lt 13.4_3 CVE-2025-0374 SA-25:03.etcupdate |