10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
80.5%
The sendfile()
system call does not handle specially crafted files properly. Exploitation of this vulnerability may leak sensitive information to a local attacker.
The sendfile()
system call is used to send a file through a socket without copying the file data into memory. A vulnerability exists in certain implementations of sendfile()
that may allow an attacker to view sensitive kernel memory. If sendfile()
is supplied a file that is then truncated during transmission, sendfile()
may send sections of kernel memory through the socket. The contents of the leaked memory depends on what programs or files have recently been loaded and/or executed.
A local attacker may be able to view sections of kernel memory that contain sensitive information. For instance, it may be possible for an attacker can gain access to authentication information, such as passwords and usernames.
Check with Vendor
Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take. Please see the list of vendors we have notified below.
604846
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: April 06, 2005 Updated: April 13, 2005
Affected
Yes, FreeBSD is affected. This issue was addressed in the FreeBSD Security advisory FreeBSD-SA-05:02.sendfile, which is available from
<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc>.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 21, 2005
Not Affected
Mac OS X and Mac OS X Server are not vulnerable to this issue since sendfile is not supported.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: January 10, 2006
Not Affected
We have now determined that F5 products are NOT affected by the sendfile vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 18, 2005
Not Affected
We have determine that our implementation of Service for Unix is not vulnerable to the issue as described.
- No version of Services For Unix provides the sendfile() API.
- If a future version of the Subsystem for UNIX Applications were to
provide the sendfile() API, it would be implemented as a wrapper around the Win32 or NT API(s) which perform the same task.
- No element of the Subsystem for UNIX Applications lives in Windows kernel mode.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 06, 2005
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Updated: April 28, 2005
Not Affected
English page is available here:
<http://www.quality.co.jp/e/index.html>
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: August 23, 2005
Not Affected
Red Hat Enterprise Linux is not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 28, 2005
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: August 23, 2005 Updated: August 24, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
Notified: April 06, 2005 Updated: April 07, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23604846 Feedback>).
View all 40 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc>
Thanks to Marc Olzheim for reporting this vulnerability.
This document was written by Jeff Gennari.
CVE IDs: | CVE-2005-0708 |
---|---|
Severity Metric: | 0.76 Date Public: |