FreeBSD mksnap_ffs security bypass

freebsd-mksnapffs-bypass-security (15005) The risk level is classified as MediumMedium Risk

Description:

FreeBSD could allow a local attacker to bypass security restrictions, caused by a vulnerability in the mksnap_ffs program. When a snapshot is created, the mksnap_ffs program may cause other flags to be reset to default values, which could disable security settings previously set on the system. This would allow a local attacker to bypass security restrictions, when a process using the mksnap_ffs program is run.


Consequences:

Bypass Security

Remedy:

Upgrade to the latest version of FreeBSD (RELENG_5_1 or RELENG_5_2 security branch dated later than 2004-01-27), as listed in FreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs. See References.

— OR —

Apply the patch for this vulnerability, as listed in FreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs. See References.

References:

  • FreeBSD Security Advisory FreeBSD-SA-04:01: mksnap_ffs clears file system options.
  • BID-9533: FreeBSD mksnap_ffs File System Option Reset Vulnerability
  • CVE-2004-0099: mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.
  • OSVDB ID: 3790: FreeBSD mksnap_ffs Filesystem Flag Clearing Security Issue

Platforms Affected:

  • FreeBSD FreeBSD 5.1
  • FreeBSD FreeBSD 5.2

Reported:

Jan 30, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page