CVE-2020-24717

Published: Aug 27, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.

Affected (1)

Products: Openzfs: Openzfs

Openzfs

1 product

Openzfs

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Openzfs Openzfs	Up to 0.8.4

Running on/with	Platform Versions
Freebsd Freebsd	All versions

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (8)

https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1

Source: cve@mitre.org

PatchThird Party Advisory

https://jira.ixsystems.com/browse/NAS-107270

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://reviews.freebsd.org/D26107

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://jira.ixsystems.com/browse/NAS-107270

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://reviews.freebsd.org/D26107

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.