Info

Disclosure

Feb 02, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. An error in the "mksnap_ffs" program may reset flags on a file system to their default setting when a snapshot is created. This could potentially disable various security-related features set by an administrator when a process using the program is run and may lead to a loss of confidentiality, integrity and/or availability.

Classification

Unknown or Incomplete

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, FreeBSD has released a patch to address this vulnerability.

Products

FreeBSD Project	FreeBSD	5.1-RELEASE
		5.2-RELEASE

References

Secunia Advisory ID: 10756
CVE ID: 2004-0099 (see also: NVD)
Vendor Specific Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc
Vendor Specific Solution URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-04:01/mksnap_ffs_5_1.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-04:01/mksnap_ffs_5_2.patch

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/3790

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

FreeBSD Project

FreeBSD

References

Credit