CVE-2008-0216

Name of the Vulnerable Software and Affected Versions FreeBSD versions 6.0 through 7.0-PRERELEASE

Description The issue is related to the ptsname function, which does not properly verify that a certain portion of a device name is associated with a pty of the user who is calling the pt chown function. This might allow local users to read data from the pty of another user.

Recommendations For FreeBSD versions 6.0 through 7.0-PRERELEASE, consider restricting access to the pt chown function until a patch is available. As a temporary workaround, restrict the use of the ptsname function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.