Published: 26/07/2019 Updated: 01/03/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE prior to 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE prior to 11.3-RELEASE-p1, and 11.2-RELEASE prior to 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freebsd freebsd 11.2
freebsd freebsd 12.0
freebsd freebsd 11.0
freebsd freebsd 11.3

CWE-404 https://security.FreeBSD.org/advisories/FreeBSD-SA-19:15.mqueuefs.asc http://packetstormsecurity.com/files/153752/FreeBSD-Security-Advisory-FreeBSD-SA-19-15.mqueuefs.html https://security.netapp.com/advisory/ntap-20190814-0003/https://security.FreeBSD.org/advisories/FreeBSD-SA-19:24.mqueuefs.asc https://seclists.org/bugtraq/2019/Aug/35 http://packetstormsecurity.com/files/154172/FreeBSD-Security-Advisory-FreeBSD-SA-19-24.mqueuefs.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-5603

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect