inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freebsd | Freebsd | 3.5 (including) | 3.5 (including) |
| Freebsd | Freebsd | 3.5.1 (including) | 3.5.1 (including) |
| Freebsd | Freebsd | 4.1.1 (including) | 4.1.1 (including) |
| Freebsd | Freebsd | 4.2 (including) | 4.2 (including) |
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc
- http://www.osvdb.org/1753
- http://www.securityfocus.com/bid/2324
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6052
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc
- http://www.osvdb.org/1753
- http://www.securityfocus.com/bid/2324
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6052