CVE-2004-0435 - OpenCVE

Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:4.0:releng::::::
	cpe:2.3:o:freebsd:freebsd:4.8:::::::*
	cpe:2.3:o:freebsd:freebsd:4.8:pre-release::::::
	cpe:2.3:o:freebsd:freebsd:4.8:release_p6::::::
	cpe:2.3:o:freebsd:freebsd:4.8:releng::::::
	cpe:2.3:o:freebsd:freebsd:4.9:::::::*
	cpe:2.3:o:freebsd:freebsd:4.9:pre-release::::::
	cpe:2.3:o:freebsd:freebsd:4.9:releng::::::
	cpe:2.3:o:freebsd:freebsd:4.10:::::::*
	cpe:2.3:o:freebsd:freebsd:4.10:release::::::
	cpe:2.3:o:freebsd:freebsd:4.10:releng::::::
	cpe:2.3:o:freebsd:freebsd:5.2:::::::*
	cpe:2.3:o:freebsd:freebsd:5.2.1:release::::::
	cpe:2.3:o:freebsd:freebsd:5.2.1:releng::::::

No data.

References

Link	Providers
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc
http://secunia.com/advisories/11714
http://www.securityfocus.com/bid/10416
https://exchange.xforce.ibmcloud.com/vulnerabilities/16254

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-06-03T04:00:00

Updated: 2024-08-08T00:17:14.986Z

Reserved: 2004-05-03T00:00:00

Link: CVE-2004-0435

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-08-18T04:00:00.000

Modified: 2017-07-11T01:30:09.730

Link: CVE-2004-0435

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-05-26T00:00:00", "descriptions": [{"lang": "en", "value": "Certain \"programming errors\" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "10416", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10416"}, {"name": "FreeBSD-SA-04:11", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc"}, {"name": "11714", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/11714"}, {"name": "freebsd-msync-gain-privileges(16254)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16254"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0435", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Certain \"programming errors\" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "10416", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10416"}, {"name": "FreeBSD-SA-04:11", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc"}, {"name": "11714", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11714"}, {"name": "freebsd-msync-gain-privileges(16254)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16254"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:17:14.986Z"}, "title": "CVE Program Container", "references": [{"name": "10416", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10416"}, {"name": "FreeBSD-SA-04:11", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc"}, {"name": "11714", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/11714"}, {"name": "freebsd-msync-gain-privileges(16254)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16254"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0435", "datePublished": "2004-06-03T04:00:00", "dateReserved": "2004-05-03T00:00:00", "dateUpdated": "2024-08-08T00:17:14.986Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:releng:*:*:*:*:*:*", "matchCriteriaId": "A442DE97-4485-4D95-B95D-58947585E455", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", "matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*", "matchCriteriaId": "09BFA20B-2F31-4246-8F74-63DF1DB884EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:release_p6:*:*:*:*:*:*", "matchCriteriaId": "5F3B4BA2-8A61-4F9A-8E46-7FA80E7F5514", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*", "matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*", "matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:pre-release:*:*:*:*:*:*", "matchCriteriaId": "4AE93D3D-34B4-47B7-A784-61F4479FF5A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:releng:*:*:*:*:*:*", "matchCriteriaId": "E6288144-0CD7-45B6-B5A7-09B1DF14FBE8", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:*:*:*:*:*:*:*", "matchCriteriaId": "9FFD9D1C-A459-47AD-BC62-15631417A32F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:release:*:*:*:*:*:*", "matchCriteriaId": "4ECDEC87-0132-46B6-BD9B-A94F9B669EAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:releng:*:*:*:*:*:*", "matchCriteriaId": "43E84296-9B5C-4623-A2C4-431D76FC2765", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*", "matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:releng:*:*:*:*:*:*", "matchCriteriaId": "8E4BC012-ADE4-468F-9A25-261CD8055694", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Certain \"programming errors\" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk."}, {"lang": "es", "value": "Ciertos \"errores de programac\u00ed\u00f3n\" en la llamada al sistema msync de FreeBSD 5.2.1 y anteriores y 4.10 y anteriores, no maneja adecuadamente la operaci\u00f3n MS_INVALIDATE, lo que lleva a problemas de consistencia de cach\u00e9 que permiten al usuario local impedir que ciertos cambios en ficheros se lleven a cabo en el disco."}], "id": "CVE-2004-0435", "lastModified": "2017-07-11T01:30:09.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-08-18T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/11714"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/10416"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16254"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}