PT-2005-2396 · Freebsd · Freebsd

Published

2005-05-06

Updated

2008-09-05

CVE-2005-1399

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 4.6 through 4.11 FreeBSD versions 5.x through 5.4

Description: The issue concerns insecure default permissions for the /dev/iir device, allowing local users to execute restricted ioctl calls. This can lead to unauthorized reading or modification of data on hardware controlled by the iir driver.

Recommendations: For FreeBSD versions 4.6 through 4.11, consider changing the default permissions of the /dev/iir device to restrict access. For FreeBSD versions 5.x through 5.4, consider changing the default permissions of the /dev/iir device to restrict access. As a temporary workaround, consider restricting access to the /dev/iir device until a proper fix is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1399

Affected Products

Freebsd

PT-2005-2396 · Freebsd · Freebsd

CVE-2005-1399

Related Identifiers

Affected Products

References · 2