CVE-2020-25579
https://notcve.org/view.php?id=CVE-2020-25579
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes. En FreeBSD versiones 12.2-STABLE anteriores a r368969, 11.4-STABLE anteriores a r369047, 12.2-RELEASE anteriores a p3, 12.1-RELEASE anteriores a p13 y 11.4-RELEASE anteriores a p7, msdosfs(5) no lograba llenar con cero un par de campos de relleno en la estructura dirent, resultando en una pérdida de tres bytes no inicializados. • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc https://security.netapp.com/advisory/ntap-20210423-0002 • CWE-909: Missing Initialization of Resource •
CVE-2020-25578
https://notcve.org/view.php?id=CVE-2020-25578
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems. En FreeBSD versiones 12.2-STABLE anteriores a r368969, 11.4-STABLE anteriores a r369047, 12.2-RELEASE anteriores a p3, 12.1-RELEASE anteriores a p13 y 11.4-RELEASE anteriores a p7, varios sistemas de archivos no estaban inicializando apropiadamente el campo d_off de las estructuras dirent devueltas por VOP_READDIR. En particular, tmpfs(5), smbfs(5), autofs(5) y mqueuefs(5) no lo hicieron. • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc https://security.netapp.com/advisory/ntap-20210423-0002 • CWE-665: Improper Initialization •
CVE-2020-25582
https://notcve.org/view.php?id=CVE-2020-25582
In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. En FreeBSD versiones 12.2-STABLE anteriores a r369334, 11.4-STABLE anteriores a r369335, 12.2-RELEASE anteriores a p4 y 11.4-RELEASE anteriores a p8, cuando un proceso, como jexec(8) o killall(1), llama a jail_attach(2) para ingresar una jail, la root enjaulada puede adjuntarse a él usando ptrace(2) antes de que se cambie el directorio de trabajo actual. • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc https://security.netapp.com/advisory/ntap-20210423-0003 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2020-25581
https://notcve.org/view.php?id=CVE-2020-25581
In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes. En FreeBSD versiones 12.2-STABLE anteriores a r369312, 11.4-STABLE anteriores a r369313, 12.2-RELEASE anteriores a p4 y 11.4-RELEASE anteriores a p8, debido a una condición de carrera en la implementación de jail_remove(2), puede cometer un fallo al eliminar algunos de los procesos. • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:04.jail_remove.asc https://security.netapp.com/advisory/ntap-20210423-0006 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2020-25580
https://notcve.org/view.php?id=CVE-2020-25580
In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. En FreeBSD versiones 12.2-STABLE anteriores a r369346, 11.4-STABLE anteriores a r369345, 12.2-RELEASE anteriores a p4 y 11.4-RELEASE anteriores a p8, una regresión en el procesador de reglas login.access(5) tiene el efecto de causar que las reglas no coincidan incluso cuando no debería. Esto significa que las reglas que niegan el acceso pueden ignorarse. • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:03.pam_login_access.asc https://security.netapp.com/advisory/ntap-20210423-0005 • CWE-697: Incorrect Comparison •