CVE-2019-5602 - Incorrect Authorization vulnerability in FreeBSD 11.2/11.3/12.0
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present, thereby allowing a malicious user in the operator group to gain root privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 18 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_14A3B376B30A11E9A87FA4BADB2F4699.NASL
- description: To implement one particular ioctl, the Linux emulation code used a special interface present in the cd(4) driver which allows it to copy subchannel information directly to a kernel address. This interface was erroneously made accessible to userland, allowing users with read access to a cd(4) device to arbitrarily overwrite kernel memory when some media is present in the device. Impact: A user in the operator group can make use of this interface to gain root privileges on a system with a cd(4) device when some media is present in the device.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 127540
- published: 2019-08-12
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/127540
- title: FreeBSD : FreeBSD -- Privilege escalation in cd(4) driver (14a3b376-b30a-11e9-a87f-a4badb2f4699)

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_SA-19-11_CD_IOCTL.NASL
- description: The version of the FreeBSD kernel running on the remote host is 11.x prior to 11.2-RELEASE-p11 or 12.x prior to 12.0-RELEASE-p7. It is, therefore, affected by a privilege escalation vulnerability in the cd(4) driver. A local attacker with read access to a cd(4) device can exploit this to gain root privileges on the system.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 126647
- published: 2019-07-15
- reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/126647
- title: FreeBSD 11.x < 11.2-RELEASE-p12 / 12.x < 12.0-RELEASE-p7 Privilege escalation in cd(4) driver
References
- http://packetstormsecurity.com/files/153522/FreeBSD-Security-Advisory-FreeBSD-SA-19-11.cd_ioctl.html
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:11.cd_ioctl.asc