Vulnerability Description
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | 4.0 |
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc
- http://secunia.com/advisories/11714
- http://www.securityfocus.com/bid/10416
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16254
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc
- http://secunia.com/advisories/11714
- http://www.securityfocus.com/bid/10416
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16254
FAQ
What is CVE-2004-0435?
CVE-2004-0435 is a vulnerability with a CVSS score of 3.6 (LOW). Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems...
How severe is CVE-2004-0435?
CVE-2004-0435 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0435?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.