FKIE_CVE-2019-5602

Vulnerability from fkie_nvd - Published: 2019-07-03 19:15 - Updated: 2024-11-21 04:45
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges.
References
secteam@freebsd.orghttp://packetstormsecurity.com/files/153522/FreeBSD-Security-Advisory-FreeBSD-SA-19-11.cd_ioctl.htmlThird Party Advisory, VDB Entry
secteam@freebsd.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-19:11.cd_ioctl.ascVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/153522/FreeBSD-Security-Advisory-FreeBSD-SA-19-11.cd_ioctl.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-19:11.cd_ioctl.ascVendor Advisory
Impacted products
Vendor Product Version
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.2
freebsd freebsd 11.3
freebsd freebsd 12.0
freebsd freebsd 12.0
freebsd freebsd 12.0
freebsd freebsd 12.0
freebsd freebsd 12.0
freebsd freebsd 12.0
freebsd freebsd 12.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "3ACD1D8D-B3BC-4E99-B846-90A4071DB87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*",
              "matchCriteriaId": "0A8A5CDA-E099-47BA-A0C0-2F79C0432156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "699FE432-8DF0-49F1-A98B-0E19CE01E5CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "20B06752-39EE-4600-AC1F-69FB9C88E2A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "E86CD544-86C4-4D9D-9CE5-087027509EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "64E47AE7-BB45-428E-90E9-38BFDFF23650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*",
              "matchCriteriaId": "586B9FA3-65A2-41EB-A848-E4A75565F0CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*",
              "matchCriteriaId": "F0B15B89-3AD2-4E03-9F47-DA934702187B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "878DF67E-420A-4229-BEA8-DB9F7161ED9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E03E6445-DD63-44E8-85D1-3971253F395A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "E1AD57A9-F53A-4E40-966E-F2F50852C5E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "46C5A6FD-7BBF-4E84-9895-8EE14DC846E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "6D71D083-3279-4DF4-91E1-38C373DD062F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*",
              "matchCriteriaId": "882669AB-BCFC-4517-A3E9-33D344F1ED0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges."
    },
    {
      "lang": "es",
      "value": "En FreeBSD 12.0-ESTABLE en versiones anteriores a la r349628, 12.0-RELEASE en versiones anteriores a la 12.0-RELEASE-p7, 11.3-PRERELEASE en versiones anteriores a la r349629, 11.3-RC3 en versiones anteriores a la 11.3-RC3-p1, y 11.2-RELEASE en versiones anteriores a la 11.2-RELEASE-p11, un error en el controlador cdrom permite a los usuarios con acceso de lectura al dispositivo cdrom sobrescribir arbitrariamente la memoria del kernel cuando hay medios presentes, lo que permite que un usuario malintencionado en el grupo de operadores obtenga privilegios de root."
    }
  ],
  "id": "CVE-2019-5602",
  "lastModified": "2024-11-21T04:45:12.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-03T19:15:12.910",
  "references": [
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153522/FreeBSD-Security-Advisory-FreeBSD-SA-19-11.cd_ioctl.html"
    },
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:11.cd_ioctl.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153522/FreeBSD-Security-Advisory-FreeBSD-SA-19-11.cd_ioctl.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:11.cd_ioctl.asc"
    }
  ],
  "sourceIdentifier": "secteam@freebsd.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        },
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.