Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0217

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2008-0217
Last Modified 05 Sep 2008 05:34:30
Published 15 Jan 2008 09:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0217

Summary

The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script.

Vulnerable Systems

Operating System

  • Freebsd 5.0

  • Freebsd 5.5

  • Freebsd 6.0

  • Freebsd 6.1

  • Freebsd 6.2

  • Freebsd 7.0


References

FREEBSD - FreeBSD-SA-08:01

XF - freebsd-openpty-information-disclosure(39665)

SECTRACK - 1019191

BID - 27284

SECUNIA - 28498


Last Updated: 27 May 2016 10:46:42