CVE-2008-0216
FreeBSD 6.0-7.0-PRERELEASE - Local Information Disclosure via ptsname Function
Title source: llmDescription
The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28498
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019191
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39667
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27284
Patch vendor-advisory
x_refsource_freebsd
http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc
Scores
EPSS
0.0008
EPSS Percentile
22.5%
Details
CWE
CWE-264
Status
published
Products (5)
freebsd/freebsd
6.0 (3 CPE variants)
freebsd/freebsd
6.1 (4 CPE variants)
freebsd/freebsd
6.2 (2 CPE variants)
freebsd/freebsd
6.3
freebsd/freebsd
7.0 (3 CPE variants)
Published
Jan 16, 2008
Tracked Since
Feb 18, 2026