The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freebsd | Freebsd | 6.0 (including) | 6.0 (including) |
| Freebsd | Freebsd | 6.0-release (including) | 6.0-release (including) |
| Freebsd | Freebsd | 6.0-stable (including) | 6.0-stable (including) |
| Freebsd | Freebsd | 6.1 (including) | 6.1 (including) |
| Freebsd | Freebsd | 6.1-release (including) | 6.1-release (including) |
| Freebsd | Freebsd | 6.1-release_p10 (including) | 6.1-release_p10 (including) |
| Freebsd | Freebsd | 6.1-stable (including) | 6.1-stable (including) |
| Freebsd | Freebsd | 6.2 (including) | 6.2 (including) |
| Freebsd | Freebsd | 6.2-stable (including) | 6.2-stable (including) |
| Freebsd | Freebsd | 6.3 (including) | 6.3 (including) |
| Freebsd | Freebsd | 7.0 (including) | 7.0 (including) |
| Freebsd | Freebsd | 7.0-current (including) | 7.0-current (including) |
| Freebsd | Freebsd | 7.0-pre-release (including) | 7.0-pre-release (including) |
| Kfreebsd-5 | Ubuntu | dapper | * |
| Kfreebsd-5 | Ubuntu | edgy | * |
| Kfreebsd-5 | Ubuntu | feisty | * |
| Kfreebsd-5 | Ubuntu | gutsy | * |
| Kfreebsd-5 | Ubuntu | hardy | * |
| Kfreebsd-5 | Ubuntu | intrepid | * |
References
- http://secunia.com/advisories/28498
- http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc
- http://www.securityfocus.com/bid/27284
- http://www.securitytracker.com/id?1019191
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39667
- http://secunia.com/advisories/28498
- http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc
- http://www.securityfocus.com/bid/27284
- http://www.securitytracker.com/id?1019191
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39667