Lucene search

[email protected]CVE-2004-0099

HistorySep 01, 2004 - 4:00 a.m.

CVE-2004-0099

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

cve-2004-0099

mksnap_ffs

freebsd

access restrictions

snapshot flags

security vulnerability

local user

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.

Affected configurations

NVD

Node

freebsdfreebsdMatch5.1release

freebsdfreebsdMatch5.2.1release

CPENameOperatorVersion
freebsd:freebsdfreebsdeq5.1
freebsd:freebsdfreebsdeq5.2.1

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	5.1
freebsd:freebsd	freebsd	eq	5.2.1

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc

www.osvdb.org/3790

www.securityfocus.com/bid/9533

exchange.xforce.ibmcloud.com/vulnerabilities/15005

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-0099

freebsd_advisory1 openvas2 freebsd1 nessus1 cvelist1 nvd1