Описание
In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.
Ссылки
- http://packetstormsecurity.com/files/153752/FreeBSD-Security-Advisory-FreeBSD-SA-19-15.mqueuefs.htmlThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/154172/FreeBSD-Security-Advisory-FreeBSD-SA-19-24.mqueuefs.htmlThird Party AdvisoryVDB Entry
- Broken Link
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- http://packetstormsecurity.com/files/153752/FreeBSD-Security-Advisory-FreeBSD-SA-19-15.mqueuefs.htmlThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/154172/FreeBSD-Security-Advisory-FreeBSD-SA-19-24.mqueuefs.htmlThird Party AdvisoryVDB Entry
- Broken Link
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
Связанные уязвимости
In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEAS ...
In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.
Уязвимость модуля mqueuefs операционных систем FreeBSD, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
7.8 High
CVSS3
7.2 High
CVSS2