{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5369", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "state": "PUBLISHED", "assignerShortName": "freebsd", "dateReserved": "2023-10-03T21:25:17.658Z", "datePublished": "2023-10-04T03:48:53.559Z", "dateUpdated": "2025-02-13T17:20:10.344Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["capsicum"], "product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"lessThan": "p4", "status": "affected", "version": "13.2-RELEASE", "versionType": "release"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David Chisnall"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Before correction, the&nbsp;<tt>copy_file_range</tt>&nbsp;system call checked only for the <tt>CAP_READ</tt> and <tt>CAP_WRITE</tt> capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the <tt>CAP_SEEK</tt> capability.</p><p>This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.<br></p>"}], "value": "Before correction, the\u00a0copy_file_range\u00a0system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.\n\nThis incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-273", "description": "CWE-273 Improper Check for Dropped Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2023-11-24T09:06:40.179Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc"}, {"url": "https://security.netapp.com/advisory/ntap-20231124-0009/"}], "source": {"discovery": "UNKNOWN"}, "title": "copy_file_range insufficient capability rights check", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:43.255Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc"}, {"url": "https://security.netapp.com/advisory/ntap-20231124-0009/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-20T14:51:19.056359Z", "id": "CVE-2023-5369", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T14:53:20.875Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231124-0009/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:43.255Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5369", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-20T14:51:19.056359Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T14:53:13.005Z"}}], "cna": {"title": "copy_file_range insufficient capability rights check", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David Chisnall"}], "affected": [{"vendor": "FreeBSD", "modules": ["capsicum"], "product": "FreeBSD", "versions": [{"status": "affected", "version": "13.2-RELEASE", "lessThan": "p4", "versionType": "release"}], "defaultStatus": "unknown"}], "references": [{"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc", "tags": ["vendor-advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20231124-0009/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Before correction, the\u00a0copy_file_range\u00a0system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.\n\nThis incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.", "supportingMedia": [{"type": "text/html", "value": "<p>Before correction, the&nbsp;<tt>copy_file_range</tt>&nbsp;system call checked only for the <tt>CAP_READ</tt> and <tt>CAP_WRITE</tt> capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the <tt>CAP_SEEK</tt> capability.</p><p>This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.<br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-273", "description": "CWE-273 Improper Check for Dropped Privileges"}]}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2023-11-24T09:06:40.179Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5369", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:20:10.344Z", "dateReserved": "2023-10-03T21:25:17.658Z", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "datePublished": "2023-10-04T03:48:53.559Z", "assignerShortName": "freebsd"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*", "matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Before correction, the\u00a0copy_file_range\u00a0system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.\n\nThis incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor."}, {"lang": "es", "value": "Antes de la correcci\u00f3n, la llamada al sistema copy_file_range verific\u00f3 solo las capabilities CAP_READ y CAP_WRITE en los descriptores de archivos de entrada y salida, respectivamente. Usar un desplazamiento es l\u00f3gicamente equivalente a buscar, y la llamada al sistema debe requerir adicionalmente la capability CAP_SEEK. Esta verificaci\u00f3n de privilegios incorrecta permiti\u00f3 que los procesos aislados con solo lectura o escritura pero sin capacidad de b\u00fasqueda en un descriptor de archivo leyeran o escribieran datos en una ubicaci\u00f3n arbitraria dentro del archivo correspondiente a ese descriptor de archivo."}], "id": "CVE-2023-5369", "lastModified": "2024-11-21T08:41:37.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-04T04:15:14.627", "references": [{"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc"}, {"source": "secteam@freebsd.org", "url": "https://security.netapp.com/advisory/ntap-20231124-0009/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20231124-0009/"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-273"}], "source": "secteam@freebsd.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-273"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}