277721 – (CVE-2009-2208) <=sys-freebsd/freebsd-sources-{6.?,7.2} SIOCSIFINFO_IN6 IOCTL wrong permissions (CVE-2009-2208)

Bug 277721 (CVE-2009-2208) - <=sys-freebsd/freebsd-sources-{6.?,7.2} SIOCSIFINFO_IN6 IOCTL wrong permissions (CVE-2009-2208)

Summary: <=sys-freebsd/freebsd-sources-{6.?,7.2} SIOCSIFINFO_IN6 IOCTL wrong permissio...

Status:	RESOLVED FIXED

Alias:	CVE-2009-2208

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2009-07-13 21:54 UTC by Stefan Behte (RETIRED)
Modified:	2009-07-15 19:33 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-07-13 21:54:15 UTC

CVE-2009-2208 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2208):
  FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the
  SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable
  IPv6 network interfaces, as demonstrated by modifying the MTU.

Comment 1 Alexis Ballier gentoo-dev

2009-07-14 14:43:45 UTC

sounds like http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
which is patched in freebsd-sources-7.2-r1

Comment 2 Alex Legler (RETIRED) archtester

2009-07-15 19:33:30 UTC

Thanks, closing.