CVE-2005-4351
First published: Sat Dec 31 2005(Updated: )
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dragonfly Project | <=1.2 | |
| FreeBSD Kernel | <=6.0 | |
| FreeBSD Kernel | =7.0-current | |
| Linux Kernel | <=2.6.15 | |
| OpenBSD | <=3.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041177.html
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt
- http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24037
Frequently Asked Questions
What is the severity of CVE-2005-4351?
CVE-2005-4351 is considered a high-severity vulnerability due to its potential to allow unauthorized access to immutable files by root users.
How do I fix CVE-2005-4351?
To fix CVE-2005-4351, it is recommended to upgrade to the latest stable versions of FreeBSD, OpenBSD, DragonFly, or Linux kernel that patched this vulnerability.
Which systems are affected by CVE-2005-4351?
CVE-2005-4351 affects FreeBSD 6.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15.
What methods can attackers use to exploit CVE-2005-4351?
Attackers can exploit CVE-2005-4351 by mounting a filesystem that masks immutable files while the operating system is running.
Is it possible to mitigate CVE-2005-4351 without upgrading?
To mitigate CVE-2005-4351 without upgrading, administrators should limit root access and avoid mounting new filesystems that could expose immutable files.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.15
- vendor/openbsd
- canonical/openbsd
- version/openbsd/3.8
- vendor/dragonfly
- canonical/dragonfly project
- version/dragonfly project/1.2
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/6.0
- version/freebsd kernel/7.0-current