CVE-2024-6760

A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc	Vendor Advisory
https://security.netapp.com/advisory/ntap-20240816-0010/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:freebsd:freebsd::::::::
	cpe:2.3:o:freebsd:freebsd::::::::
	cpe:2.3:o:freebsd:freebsd:13.3:p1::::::
	cpe:2.3:o:freebsd:freebsd:13.3:p2::::::
	cpe:2.3:o:freebsd:freebsd:13.3:p3::::::
	cpe:2.3:o:freebsd:freebsd:13.3:p4::::::
	cpe:2.3:o:freebsd:freebsd:14.0:beta5::::::
	cpe:2.3:o:freebsd:freebsd:14.0:p1::::::
	cpe:2.3:o:freebsd:freebsd:14.0:p2::::::
	cpe:2.3:o:freebsd:freebsd:14.0:p3::::::
	cpe:2.3:o:freebsd:freebsd:14.0:p4::::::
	cpe:2.3:o:freebsd:freebsd:14.0:p5::::::
	cpe:2.3:o:freebsd:freebsd:14.0:p6::::::
	cpe:2.3:o:freebsd:freebsd:14.0:p7::::::
	cpe:2.3:o:freebsd:freebsd:14.0:p8::::::
	cpe:2.3:o:freebsd:freebsd:14.0:rc3::::::
	cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1::::::
	cpe:2.3:o:freebsd:freebsd:14.1:p1::::::
	cpe:2.3:o:freebsd:freebsd:14.1:p2::::::

History

No history.

Information

Published : 2024-08-12 13:38

Updated : 2024-11-21 09:50

NVD link : CVE-2024-6760

Mitre link : CVE-2024-6760

CVE.ORG link : CVE-2024-6760

JSON object : View

Products Affected

freebsd

freebsd

CWE

NVD-CWE-noinfo CWE-862

Missing Authorization

{"id": "CVE-2024-6760", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-12T13:38:40.447", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc", "tags": ["Vendor Advisory"], "source": "secteam@freebsd.org"}, {"url": "https://security.netapp.com/advisory/ntap-20240816-0010/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs.\n\nThe bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database."}, {"lang": "es", "value": "Un error l\u00f3gico en el c\u00f3digo que deshabilita el rastreo del kernel para programas setuid signific\u00f3 que el rastreo no se deshabilit\u00f3 cuando deber\u00eda haberlo hecho, permitiendo a los usuarios sin privilegios rastrear e inspeccionar el comportamiento de los programas setuid. Un usuario sin privilegios puede utilizar el error para leer el contenido de archivos a los que de otro modo no tendr\u00eda acceso, como la base de datos de contrase\u00f1as local."}], "lastModified": "2024-11-21T09:50:15.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18A4E85D-70A5-4382-AAB7-4A531615613D", "versionEndExcluding": "13.0"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEC367A5-24D1-414E-BC77-07968E787D01", "versionEndExcluding": "13.3", "versionStartIncluding": "13.1"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABEA48EC-24EA-4106-9465-CE66B938635F"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DFB5BD0-E777-4CAA-B2E0-3F3357D06D01"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC8C769C-A23E-4F61-AC42-4DA64421B096"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45B0589E-2E7D-4516-A8A0-88F30038EAB0"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69A72B5A-2189-4700-8E8B-1E5E7CA86C40"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5771F187-281B-4680-B562-EFC7441A8F88"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A4437F5-9DDA-4769-974E-23BFA085E0DB"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9C3A3D4-C9F4-41EB-B532-821AF83470B1"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "878A1F0A-087F-47D7-9CA5-A54BB8D6676A"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE73CDC3-B5A7-4921-89C6-8F9DC426CB3E"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50A5E650-31FB-45BE-8827-641B58A83E45"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D59CFDD3-AEC3-43F1-A620-0B1F0BAD9048"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "038E5B85-7F60-4D71-8D3F-EDBF6E036CE0"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF309824-D379-4749-A1FA-BCB2987DD671"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA813990-8C8F-4EE8-9F2B-9F73C510A7B2"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4DFA201-27D5-4C01-B90F-E24778943C3B"}], "operator": "OR"}]}], "sourceIdentifier": "secteam@freebsd.org"}