Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0216

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2008-0216
Last Modified 05 Sep 2008 05:34:29
Published 15 Jan 2008 09:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-0216

Summary

The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.

Vulnerable Systems

Operating System

  • Freebsd 6.0

  • Freebsd 6.1

  • Freebsd 6.2

  • Freebsd 6.3

  • Freebsd 7.0


References

FREEBSD - FreeBSD-SA-08:01

XF - freebsd-ptsname-information-disclosure(39667)

SECTRACK - 1019191

BID - 27284

SECUNIA - 28498


Last Updated: 27 May 2016 10:46:42