PT-2020-15828 · Openzfs · Openzfs

Published: 2020-08-27 · Updated: 2020-09-04 · CVE-2020-24717

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenZFS versions prior to 2.0.0-rc1

Description: OpenZFS misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777, which breaks access control. The cause is a critical flaw in the code added to OpenZFS for FreeBSD support, where group rights are processed as owner rights.

Recommendations: For OpenZFS versions prior to 2.0.0-rc1, update to version 2.0.0-rc1 or later. As a temporary workaround, restrict access to sensitive files and directories to minimize the risk of exploitation.
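An added inventory check, not part of this advisory, that applies the affected-version predicate above (strictly older than 2.0.0-rc1, with release candidates ordered before the final release) to version strings; it assumes the `zfs-X.Y.Z` and `zfs-kmod-X.Y.Z` line format printed by `zfs version`, and the sample output embedded below is constructed.

```python
import re
from typing import Optional, Tuple

# First release the advisory names as fixed: OpenZFS 2.0.0-rc1.
FIXED_VERSION = "2.0.0-rc1"

# Accepts bare versions ("0.8.4", "2.0.0-rc1") and the "zfs-X.Y.Z[-rcN][-N]" /
# "zfs-kmod-X.Y.Z[-rcN][-N]" lines printed by `zfs version` (assumed format;
# the sample lines further down are constructed, not captured from a host).
_VERSION_RE = re.compile(
    r"^(?:zfs-(?:kmod-)?)?"   # optional userland / kernel-module prefix
    r"(\d+)\.(\d+)\.(\d+)"    # major.minor.patch
    r"(?:-rc(\d+))?"          # optional release-candidate suffix
    r"(?:-\d+)?$"             # optional package release number, e.g. "-1"
)


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Return a sortable key; a release candidate sorts before its final release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OpenZFS version: {text!r}")
    major, minor, patch, rc = m.groups()
    if rc is None:
        return (int(major), int(minor), int(patch), 1, 0)   # final release
    return (int(major), int(minor), int(patch), 0, int(rc))  # rc build


def is_affected(version: str) -> bool:
    """True when the version is strictly older than 2.0.0-rc1."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def affected_from_zfs_version_output(output: str) -> Optional[bool]:
    """Inspect every component line of `zfs version` output. The kernel module
    and the userland tools can be out of step, so report True if any component
    is older than the fix. Returns None when no version line is recognised."""
    verdicts = [is_affected(line) for line in output.splitlines()
                if line.startswith("zfs-")]
    return any(verdicts) if verdicts else None


if __name__ == "__main__":
    # Constructed sample: userland already on 2.0.0-rc1, but the module is older.
    SAMPLE = "zfs-2.0.0-rc1\nzfs-kmod-0.8.4-1\n"
    print("affected:", affected_from_zfs_version_output(SAMPLE))  # affected: True
```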

Weakness Enumeration: Incorrect Default Permissions

Related Identifiers: CVE-2020-24717

Affected Products: Openzfs