CVE-2008-0777
FreeBSD 5.5-7.0 - Unauthorized File Read via sendfile System Call
Title source: llmDescription
The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.
References (4)
Core 4
Core References
Patch vendor-advisory
x_refsource_freebsd
http://security.freebsd.org/advisories/FreeBSD-SA-08:03.sendfile.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1019416
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27789
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28928
Scores
EPSS
0.0007
EPSS Percentile
21.0%
Details
CWE
CWE-264
Status
published
Products (4)
freebsd/freebsd
5.5
freebsd/freebsd
6.2
freebsd/freebsd
6.3
freebsd/freebsd
7.0
Published
Feb 15, 2008
Tracked Since
Feb 18, 2026