CVE-2008-0777
Severity Score
4.9
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.
La llamada al sistema de envío de ficheros (sendfile) en FreeBSD 5.5 hasta 7.0 no comprueba los indicadores de acceso del descriptor del fichero utilizado para enviar un archivo, esto permite a usuarios locales leer los contenidos de los ficheros de sólo-escritura.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-02-13 CVE Reserved
- 2008-02-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1019416 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/27789 | 2024-09-16 |
| URL | Date | SRC |
|---|---|---|
| http://security.freebsd.org/advisories/FreeBSD-SA-08:03.sendfile.asc | 2008-09-05 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/28928 | 2008-09-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 5.5 Search vendor "Freebsd" for product "Freebsd" and version "5.5" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 6.2 Search vendor "Freebsd" for product "Freebsd" and version "6.2" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 6.3 Search vendor "Freebsd" for product "Freebsd" and version "6.3" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 7.0 Search vendor "Freebsd" for product "Freebsd" and version "7.0" | - |
Affected
| ||||||