Vulnerabilities > CVE-2005-1399 - Unspecified vulnerability in Freebsd

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

freebsd

NVD

Published: 2005-05-06

Updated: 2008-09-05

Summary

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 4.6 Freebsd Freebsd 4.7 Freebsd Freebsd 4.8 Freebsd Freebsd 4.9 Freebsd Freebsd 4.10 Freebsd Freebsd 4.11 Freebsd Freebsd 5.1 Freebsd Freebsd 5.2 Freebsd Freebsd 5.3 Freebsd Freebsd 5.4	10

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc