FreeBSD sendfile(2)函数只写文件权限绕过安全限制漏洞

BUGTRAQ ID: 27789 CVECAN ID: CVE-2008-0777 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 FreeBSD在处理文件的访问控制时存在漏洞，本地攻击者可能利用此漏洞获取敏感信息。 当进程打开文件（和其他文件系统对象，如目录）时，会指定访问标记说明所要进行的读、写或其他操作。会对这些标记检查文件系统权限，然后存储到所生成的文件描述符，以验证之后的操作。...

FreeBSD sendfile() privilege escalation

Syscall allows read access to write-only files...

FreeBSD Security Advisory FreeBSD-SA-08:03.sendfile

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:03.sendfile Security Advisory The FreeBSD Project Topic: sendfile2 write-only file permission bypass Category: core Module: syskern Announced: 2008-02-14...

Code injection

The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files...

CVE-2008-0777

The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files...

CVE-2008-0777

The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files...

CVE-2008-0777

Summary: CVE-2008-0777 affects FreeBSD prior to patching for SA-08:03. The vulnerability lies in the sendfile(2) system call, which does not check the file descriptor’s access flags before sending data. If a file is write-only, a local attacker could use sendfile to disclose its contents, even wi...

CVE-2008-0777

The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files...

FreeBSD-SA-08:03.sendfile

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:03.sendfile Security Advisory The FreeBSD Project Topic: sendfile2 write-only file permission bypass Category: core Module: syskern Announced: 2008-02-14...

Debian Security Advisory DSA 050-1 (sendfile)

The remote host is missing an update to sendfile announced via advisory DSA 050-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 052-1 (sendfile)

The remote host is missing an update to sendfile announced via advisory DSA 052-1. OpenVAS Vulnerability Test $Id: deb0521.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 052-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 050-1 (sendfile)

The remote host is missing an update to sendfile announced via advisory DSA 050-1. OpenVAS Vulnerability Test $Id: deb0501.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 050-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

HP-UX Security Patch : PHKL_33920

VxFS sendfile reallocation panic patch %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if !definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid26422; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate",...

SOL5835 - Security Advisory: Possible kernel memory vulnerability in the sendfile() system call - CVE-2005-0708

Vulnerability description The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information. Information about this advisory is available a...

CVE-2005-0708

The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information...

CVE-2005-0708

The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information...

sendfile() system call may leak sections of kernel memory

Overview The sendfile system call does not handle specially crafted files properly. Exploitation of this vulnerability may leak sensitive information to a local attacker. Description The sendfile system call is used to send a file through a socket without copying the file data into memory. A...

FreeBSD Security Advisory FreeBSD-SA-05:02.sendfile

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:02.sendfile Security Advisory The FreeBSD Project Topic: sendfile kernel memory disclosure Category: core Module: syskern Announced: 2005-04-04 Credits: Sven...

FreeBSD : SA-05:02.sendfile

The remote host is running a version of FreeBSD which contains a flaw in the sendfile API. There is an error in the sendfile API which may allow a local user to disclose parts of the contents of the kernel memory. C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...

CVE-2005-0708

The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information...