Lucene search
HistoryApr 10, 2015 - 3:00 p.m.
CVE-2015-1415
cve-2015-1415
freebsd
bsdinstall
full disk encryption
zfs
geli
key file
permissions
local users
sensitive information
nvd
vulnerability
5.7 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| freebsd:freebsd | freebsd | eq | 10.0 |
| freebsd:freebsd | freebsd | le | 10.1 |
Related
securityvulns
securityvulns
FreeBSD weak permissions
2015-04-08 00:00:00
FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)
2015-04-08 00:00:00
FreeBSD Security Advisory FreeBSD-SA-15:08.bsdinstall
2015-04-08 00:00:00
freebsd
freebsd
FreeBSD -- Insecure default GELI keyfile permissions
2015-04-07 00:00:00
prion
prion
Design/Logic Flaw
2015-04-10 15:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:08.bsdinstall
2015-04-07 00:00:00
packetstorm
packetstorm
FreeBSD 10.x ZFS encryption.key Disclosure
2015-04-08 00:00:00
cvelist
cvelist
CVE-2015-1415
2015-04-10 14:00:00
nessus
nessus
5.7 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%
Related for CVE-2015-1415