FreeBSD File System Arbitrary Data Access Race

2001-03-22T00:00:00
ID OSVDB:5682
Type osvdb
Reporter OSVDB
Modified 2001-03-22T00:00:00

Description

Vulnerability Description

FreeBSD contains a flaw that may allow a malicious user to access restricted data that they would not ordinarily be able to access. This issue affects the UFS and Ext2FS filesystems. Under certain conditions the filesystem fails to zero deleted blocks before making them available for reuse. The flaw may allow disclosure of sensitive data, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, FreeBSD has released a patch to address this vulnerability.

References:

Vendor Specific Solution URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch
Vendor Specific Advisory URL Mail List Post: http://www.securityfocus.com/advisories/3213
ISS X-Force ID: 6268
CVE-2001-0371
Bugtraq ID: 2528