CVE-2008-0216 - OpenCVE

The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:6.0:::::::*
	cpe:2.3:o:freebsd:freebsd:6.0:release::::::
	cpe:2.3:o:freebsd:freebsd:6.0:stable::::::
	cpe:2.3:o:freebsd:freebsd:6.1:::::::*
	cpe:2.3:o:freebsd:freebsd:6.1:release::::::
	cpe:2.3:o:freebsd:freebsd:6.1:release_p10::::::
	cpe:2.3:o:freebsd:freebsd:6.1:stable::::::
	cpe:2.3:o:freebsd:freebsd:6.2:::::::*
	cpe:2.3:o:freebsd:freebsd:6.2:stable::::::
	cpe:2.3:o:freebsd:freebsd:6.3:::::::*
	cpe:2.3:o:freebsd:freebsd:7.0:::::::*
	cpe:2.3:o:freebsd:freebsd:7.0:current::::::
	cpe:2.3:o:freebsd:freebsd:7.0:pre-release::::::

No data.

References

Link	Providers
http://secunia.com/advisories/28498
http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc
http://www.securityfocus.com/bid/27284
http://www.securitytracker.com/id?1019191
https://exchange.xforce.ibmcloud.com/vulnerabilities/39667

History

No history.

MITRE

Status: PUBLISHED

Assigner: freebsd

Published: 2008-01-16T01:00:00

Updated: 2024-08-07T07:39:34.349Z

Reserved: 2008-01-10T00:00:00

Link: CVE-2008-0216

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-01-16T02:00:00.000

Modified: 2017-08-08T01:29:24.260

Link: CVE-2008-0216

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-14T00:00:00", "descriptions": [{"lang": "en", "value": "The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"name": "28498", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28498"}, {"name": "1019191", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019191"}, {"name": "freebsd-ptsname-information-disclosure(39667)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39667"}, {"name": "27284", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27284"}, {"name": "FreeBSD-SA-08:01", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2008-0216", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28498"}, {"name": "1019191", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019191"}, {"name": "freebsd-ptsname-information-disclosure(39667)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39667"}, {"name": "27284", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27284"}, {"name": "FreeBSD-SA-08:01", "refsource": "FREEBSD", "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:39:34.349Z"}, "title": "CVE Program Container", "references": [{"name": "28498", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28498"}, {"name": "1019191", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019191"}, {"name": "freebsd-ptsname-information-disclosure(39667)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39667"}, {"name": "27284", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27284"}, {"name": "FreeBSD-SA-08:01", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc"}]}]}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2008-0216", "datePublished": "2008-01-16T01:00:00", "dateReserved": "2008-01-10T00:00:00", "dateUpdated": "2024-08-07T07:39:34.349Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D2C79D5-D27F-4B08-A8DF-3E3AAF4E16A5", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.0:release:*:*:*:*:*:*", "matchCriteriaId": "CCE4F2E6-2286-4D87-ADD7-7E999B4E5620", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*", "matchCriteriaId": "C07C3BEF-8D6A-4F23-96DE-AFE4369D08EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4416CBA-76B9-4051-B015-F1BE89517309", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.1:release:*:*:*:*:*:*", "matchCriteriaId": "8C64EE9C-18E1-49C6-96DE-7E6F1607C0D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.1:release_p10:*:*:*:*:*:*", "matchCriteriaId": "B36B3805-8A85-4357-ABC1-AB22C61E3381", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.1:stable:*:*:*:*:*:*", "matchCriteriaId": "231B70A8-890A-4790-A33A-64228656BF0E", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "9118B602-3FB6-4701-AC09-763DD48334BA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.2:stable:*:*:*:*:*:*", "matchCriteriaId": "32FCB0B3-8FBE-49FA-B17E-0D5462C9E5B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F702C46F-CA02-4FA2-B7D6-C61C2C095679", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "47E0A416-733A-4616-AE08-150D67FCEA70", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.0:current:*:*:*:*:*:*", "matchCriteriaId": "C4E775BA-6DC1-4006-83A4-D30EA57417FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:*", "matchCriteriaId": "42231BCC-2B90-4196-A1C2-408A353C1BEF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user."}, {"lang": "es", "value": "La funci\u00f3n ptsname en FreeBSD 6.0 hasta el 7.0-PRERELEASE no verifica de forma adecuada que una cierta porci\u00f3n de un nombre de dispositivo est\u00e1 asociado con un pty de un usuario quien est\u00e1 llamando a la funci\u00f3n, la cual podr\u00eda permitir a usuarios locales leer datos del pty desde otro usuario."}], "id": "CVE-2008-0216", "lastModified": "2017-08-08T01:29:24.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-16T02:00:00.000", "references": [{"source": "secteam@freebsd.org", "url": "http://secunia.com/advisories/28498"}, {"source": "secteam@freebsd.org", "tags": ["Patch"], "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc"}, {"source": "secteam@freebsd.org", "url": "http://www.securityfocus.com/bid/27284"}, {"source": "secteam@freebsd.org", "url": "http://www.securitytracker.com/id?1019191"}, {"source": "secteam@freebsd.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39667"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}