CVE-2005-4351 - OpenCVE

The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Openbsd	Openbsd
Dragonfly	Dragonfly
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:dragonfly:dragonfly::::::::
	cpe:2.3:o:freebsd:freebsd::stable::::::*
	cpe:2.3:o:freebsd:freebsd:7.0:current::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:openbsd:openbsd::::::::

References

Link	Resource
http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041177.html	Exploit Vendor Advisory
http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt	Exploit Vendor Advisory
http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/24037

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-01-09T20:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2005-12-19T00:00:00

Link: CVE-2005-4351

JSON object: View

NVD Information

Status : Modified

Published: 2005-12-31T05:00:00.000

Modified: 2017-07-20T01:29:13.817

Link: CVE-2005-4351

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt"}, {"name": "20060109 BSD Securelevels: Circumventing protection of files flagged immutable", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041177.html"}, {"name": "bsd-securelevel-immutable-file-bypass(24037)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24037"}, {"tags": ["x_refsource_MISC"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4351", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt", "refsource": "MISC", "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt"}, {"name": "20060109 BSD Securelevels: Circumventing protection of files flagged immutable", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041177.html"}, {"name": "bsd-securelevel-immutable-file-bypass(24037)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24037"}, {"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt", "refsource": "MISC", "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt"}, {"name": "http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html", "refsource": "MISC", "url": "http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4351", "datePublished": "2006-01-09T20:00:00", "dateReserved": "2005-12-19T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dragonfly:dragonfly:*:*:*:*:*:*:*:*", "matchCriteriaId": "D49632E3-D2DD-4D9A-AE3B-D1A43103DA67", "versionEndIncluding": "1.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:*:stable:*:*:*:*:*:*", "matchCriteriaId": "C95AA435-BA20-4451-9283-2B62E64B6B40", "versionEndIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.0:current:*:*:*:*:*:*", "matchCriteriaId": "C4E775BA-6DC1-4006-83A4-D30EA57417FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7A893C0-1374-4B55-92C9-47CA407B7842", "versionEndIncluding": "2.6.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "64487B62-3A07-4294-B8A4-445BFAA0FFAA", "versionEndIncluding": "3.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running."}], "id": "CVE-2005-4351", "lastModified": "2017-07-20T01:29:13.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041177.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt"}, {"source": "cve@mitre.org", "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24037"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}