212145 CVE-2008-0777 2008-03-03 01:32 0000 sys-freebsd/freebsd-sources < 6.2-r4 sendfile(2) write-only file permission bypass (CVE-2008-0777) 2008-05-17 20:37:37 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://security.freebsd.org/advisories/FreeBSD-SA-08:03.sendfile.asc ~3 [noglsa] P2 trivial --- 1 rbu@gentoo.org security@gentoo.org bsd@gentoo.org rbu@gentoo.org 2008-03-03 01:32:02 0000 CVE-2008-0777 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0777): The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files. rbu@gentoo.org 2008-03-03 01:33:27 0000 BSD herd, please act. This is the third security bug that is now open, and the others are not moving at all. Are you maintaining the Gentoo BSD port, or can/should this be p.masked? py@gentoo.org 2008-05-09 14:26:41 0000 (In reply to comment #1) > BSD herd, please act. > > This is the third security bug that is now open, and the others are not moving > at all. Are you maintaining the Gentoo BSD port, or can/should this be > p.masked? > *ping* aballier@gentoo.org 2008-05-17 19:55:28 0000 6.2-r4 has the patch py@gentoo.org 2008-05-17 20:37:37 0000 thanks, closing.