Vulnerability Description
The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | 6.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28498
- http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.ascPatch
- http://www.securityfocus.com/bid/27284
- http://www.securitytracker.com/id?1019191
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39667
- http://secunia.com/advisories/28498
- http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.ascPatch
- http://www.securityfocus.com/bid/27284
- http://www.securitytracker.com/id?1019191
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39667
FAQ
What is CVE-2008-0216?
CVE-2008-0216 is a vulnerability with a CVSS score of 2.1 (LOW). The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, whi...
How severe is CVE-2008-0216?
CVE-2008-0216 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0216?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.