Computer Security
[EN] securityvulns.ru no-pyccku


FreeBSD weak permissions
Published:08.04.2015
Source:
SecurityVulns ID:14358
Type:local
Threat Level:
6/10
Description:Weak ZFS and GELI key files permissions.
Affected:FREEBSD : FreeBSD 10.1
CVE:CVE-2015-1415 (The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-15:08.bsdinstall (08.04.2015)
 documentFREEBSD, FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415) (08.04.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod