cve-2019-5601
Vulnerability from cvelistv5
Published
2019-07-03 18:51
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secteam@freebsd.org | http://packetstormsecurity.com/files/153523/FreeBSD-Security-Advisory-FreeBSD-SA-19-10.ufs.html | Third Party Advisory, VDB Entry | |
| secteam@freebsd.org | https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc | Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-19:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153523/FreeBSD-Security-Advisory-FreeBSD-SA-19-10.ufs.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.0 before 12.0-RELEASE-p7 and 11.2 before 11.2-RELEASE-p11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-03T19:06:05",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "FreeBSD-SA-19:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153523/FreeBSD-Security-Advisory-FreeBSD-SA-19-10.ufs.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-5601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.0 before 12.0-RELEASE-p7 and 11.2 before 11.2-RELEASE-p11"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-19:10",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc"
},
{
"name": "http://packetstormsecurity.com/files/153523/FreeBSD-Security-Advisory-FreeBSD-SA-19-10.ufs.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153523/FreeBSD-Security-Advisory-FreeBSD-SA-19-10.ufs.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-5601",
"datePublished": "2019-07-03T18:51:47",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:52.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-5601\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2019-07-03T19:15:12.847\",\"lastModified\":\"2019-07-15T17:50:52.520\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding.\"},{\"lang\":\"es\",\"value\":\"En FreeBSD 12.0-STABLE en versiones anteriores a la r347474, 12.0-RELEASE en versiones anteriores a la 12.0-RELEASE-p7, 11.2-STABLE en versiones anteriores a la r347475, y 11.2-RELEASE en versiones anteriores a la 11.2-RELEASE-p11, un error en la implementaci\u00f3n de FFS causa hasta tres bytes de memoria de la pila del kernel para ser escrito en el disco como relleno de entrada de directorio no inicializado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ACD1D8D-B3BC-4E99-B846-90A4071DB87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A8A5CDA-E099-47BA-A0C0-2F79C0432156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"699FE432-8DF0-49F1-A98B-0E19CE01E5CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"20B06752-39EE-4600-AC1F-69FB9C88E2A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"E86CD544-86C4-4D9D-9CE5-087027509EDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"64E47AE7-BB45-428E-90E9-38BFDFF23650\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"586B9FA3-65A2-41EB-A848-E4A75565F0CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0B15B89-3AD2-4E03-9F47-DA934702187B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"878DF67E-420A-4229-BEA8-DB9F7161ED9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"826B53C2-517F-4FC6-92E8-E7FCB24F91B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"93F10A46-AEF2-4FDD-92D6-0CF07B70F986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1AD57A9-F53A-4E40-966E-F2F50852C5E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4029113-130F-4A33-A8A0-BC3E74000378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"46C5A6FD-7BBF-4E84-9895-8EE14DC846E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D71D083-3279-4DF4-91E1-38C373DD062F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"882669AB-BCFC-4517-A3E9-33D344F1ED0D\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/153523/FreeBSD-Security-Advisory-FreeBSD-SA-19-10.ufs.html\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.