John Baldwin

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 6.0 through 7.0-PRERELEASE **Description** The issue is related to the ptsname function, which does not properly verify that a certain portion of a device name is associated with a pty of the user who is calling the pt chown function. This might allow local users to read data from the pty of another user. **Recommendations** For FreeBSD versions 6.0 through 7.0-PRERELEASE, consider restricting access to the pt chown function until a patch is available. As a temporary workaround, restrict the use of the ptsname function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.