GSD-2023-5978

Vulnerability from gsd - Updated: 2023-12-13 01:20
Details
In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints.  When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed.  This could permit the application to resolve domain names that were previously restricted.
Aliases
Aliases
CVE-2023-5978
To clipboard Create KEV Entry 

{
  "GSD": {
    "alias": "CVE-2023-5978",
    "id": "GSD-2023-5978"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-5978"
      ],
      "details": "In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. \u00a0When only a list\u00a0of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. \u00a0This could permit the application to resolve domain names that were previously restricted.",
      "id": "GSD-2023-5978",
      "modified": "2023-12-13T01:20:51.075953Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secteam@freebsd.org",
        "ID": "CVE-2023-5978",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FreeBSD",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.2-RELEASE",
                          "version_value": "p5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "FreeBSD"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Shawn Webb"
        },
        {
          "lang": "en",
          "value": "Mariusz Zaborski"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. \u00a0When only a list\u00a0of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. \u00a0This could permit the application to resolve domain names that were previously restricted."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-269",
                "lang": "eng",
                "value": "CWE-269 Improper Privilege Management"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc",
            "refsource": "MISC",
            "url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20231214-0003/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20231214-0003/"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BA49E374-9F1A-4F62-B88D-CD36EDEA6060",
                    "versionEndExcluding": "13.2",
                    "versionStartIncluding": "13.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*",
                    "matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*",
                    "matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*",
                    "matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*",
                    "matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*",
                    "matchCriteriaId": "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. \u00a0When only a list\u00a0of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. \u00a0This could permit the application to resolve domain names that were previously restricted."
          },
          {
            "lang": "es",
            "value": "En las versiones 13-RELEASE anteriores a 13-RELEASE-p5 de FreeBSD, bajo ciertas circunstancias el servicio cap_net libcasper(3) valida incorrectamente que las restricciones actualizadas son estrictamente subconjuntos de las restricciones activas. Cuando solo se especificaba una lista de nombres de dominio resolubles sin establecer otras limitaciones, una aplicaci\u00f3n pod\u00eda enviar una nueva lista de dominios que incluyeran entradas que no figuraban anteriormente. Esto podr\u00eda permitir que la aplicaci\u00f3n resuelva nombres de dominio que anteriormente estaban restringidos."
          }
        ],
        "id": "CVE-2023-5978",
        "lastModified": "2023-12-14T10:15:08.727",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-11-08T09:15:07.933",
        "references": [
          {
            "source": "secteam@freebsd.org",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc"
          },
          {
            "source": "secteam@freebsd.org",
            "url": "https://security.netapp.com/advisory/ntap-20231214-0003/"
          }
        ],
        "sourceIdentifier": "secteam@freebsd.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-269"
              }
            ],
            "source": "secteam@freebsd.org",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.