{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6760", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "state": "PUBLISHED", "assignerShortName": "freebsd", "dateReserved": "2024-07-15T14:31:57.406Z", "datePublished": "2024-08-11T02:40:03.814Z", "dateUpdated": "2024-10-29T19:41:19.862Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["ktrace"], "product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"lessThan": "p3", "status": "affected", "version": "14.1-RELEASE", "versionType": "release"}, {"lessThan": "p9", "status": "affected", "version": "14.0-RELEASE", "versionType": "release"}, {"lessThan": "p5", "status": "affected", "version": "13.3-RELEASE", "versionType": "release"}]}], "datePublic": "2024-08-07T15:00:00.000Z", "descriptions": [{"lang": "en", "value": "A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs.\n\nThe bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database."}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2024-08-11T02:40:03.814Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc"}], "source": {"discovery": "UNKNOWN"}, "title": "ktrace(2) fails to detach when executing a setuid binary", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-12T14:13:46.479974Z", "id": "CVE-2024-6760", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T19:41:19.862Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20240816-0010/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-16T17:02:47.133Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6760", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "state": "PUBLISHED", "assignerShortName": "freebsd", "dateReserved": "2024-07-15T14:31:57.406Z", "datePublished": "2024-08-11T02:40:03.814Z", "dateUpdated": "2024-10-29T19:41:19.862Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["ktrace"], "product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"lessThan": "p3", "status": "affected", "version": "14.1-RELEASE", "versionType": "release"}, {"lessThan": "p9", "status": "affected", "version": "14.0-RELEASE", "versionType": "release"}, {"lessThan": "p5", "status": "affected", "version": "13.3-RELEASE", "versionType": "release"}]}], "datePublic": "2024-08-07T15:00:00.000Z", "descriptions": [{"lang": "en", "value": "A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs.\n\nThe bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database."}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2024-08-11T02:40:03.814Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc"}], "source": {"discovery": "UNKNOWN"}, "title": "ktrace(2) fails to detach when executing a setuid binary", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20240816-0010/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-16T17:02:47.133Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-6760", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-12T14:13:46.479974Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T14:41:15.667Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "18A4E85D-70A5-4382-AAB7-4A531615613D", "versionEndExcluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEC367A5-24D1-414E-BC77-07968E787D01", "versionEndExcluding": "13.3", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*", "matchCriteriaId": "ABEA48EC-24EA-4106-9465-CE66B938635F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*", "matchCriteriaId": "8DFB5BD0-E777-4CAA-B2E0-3F3357D06D01", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*", "matchCriteriaId": "BC8C769C-A23E-4F61-AC42-4DA64421B096", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:*", "matchCriteriaId": "45B0589E-2E7D-4516-A8A0-88F30038EAB0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*", "matchCriteriaId": "69A72B5A-2189-4700-8E8B-1E5E7CA86C40", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*", "matchCriteriaId": "5771F187-281B-4680-B562-EFC7441A8F88", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*", "matchCriteriaId": "0A4437F5-9DDA-4769-974E-23BFA085E0DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*", "matchCriteriaId": "A9C3A3D4-C9F4-41EB-B532-821AF83470B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*", "matchCriteriaId": "878A1F0A-087F-47D7-9CA5-A54BB8D6676A", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*", "matchCriteriaId": "CE73CDC3-B5A7-4921-89C6-8F9DC426CB3E", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*", "matchCriteriaId": "50A5E650-31FB-45BE-8827-641B58A83E45", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:*", "matchCriteriaId": "D59CFDD3-AEC3-43F1-A620-0B1F0BAD9048", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "038E5B85-7F60-4D71-8D3F-EDBF6E036CE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*", "matchCriteriaId": "BF309824-D379-4749-A1FA-BCB2987DD671", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*", "matchCriteriaId": "AA813990-8C8F-4EE8-9F2B-9F73C510A7B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:*", "matchCriteriaId": "D4DFA201-27D5-4C01-B90F-E24778943C3B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs.\n\nThe bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database."}, {"lang": "es", "value": "Un error l\u00f3gico en el c\u00f3digo que deshabilita el rastreo del kernel para programas setuid signific\u00f3 que el rastreo no se deshabilit\u00f3 cuando deber\u00eda haberlo hecho, permitiendo a los usuarios sin privilegios rastrear e inspeccionar el comportamiento de los programas setuid. Un usuario sin privilegios puede utilizar el error para leer el contenido de archivos a los que de otro modo no tendr\u00eda acceso, como la base de datos de contrase\u00f1as local."}], "id": "CVE-2024-6760", "lastModified": "2024-10-29T20:35:40.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-12T13:38:40.447", "references": [{"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}