Computer Security


FreeBSD pty hijacking
Published: 16.01.2008
Source:
SecurityVulns ID: 8570
Type: remote
Threat Level: 5/10
Description: 'script' uses openpty in an insecure way; ptsname incorrectly extracts the device name.
Affected: FREEBSD : FreeBSD 7.0
 FREEBSD : FreeBSD 6.1
 FREEBSD : FreeBSD 5.5
 FREEBSD : FreeBSD 6.2
 FREEBSD : FreeBSD 6.3
CVE: CVE-2008-0217 (The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script.)
 CVE-2008-0216 (The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.)
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:01.pty (16.01.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod