PT-2008-2395 · FreeBSD · FreeBSD

Kostik Belousov · Published 2008-02-15 · Updated 2008-09-05 · CVE-2008-0777

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FreeBSD versions 5.5 through 7.0

Description

The issue concerns the sendfile system call, which does not properly check the access flags of the file descriptor used for sending a file. This allows local users to read the contents of files that are supposed to be write-only.

Recommendations

For versions 5.5 through 7.0, update to a version that includes a fix for this issue, as the current version allows unauthorized access to file contents.

Related Identifiers

CVE-2008-0777

Affected Products

FreeBSD