| Vulnerability Name: | CVE-2004-0435 (CCN-16254) | ||||||||
| Assigned: | 2004-05-26 | ||||||||
| Published: | 2004-05-26 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: The FreeBSD Project Security Advisory FreeBSD-SA-04:11.msync buffer cache invalidation implementation issues Source: FREEBSD Type: UNKNOWN FreeBSD-SA-04:11 Source: MITRE Type: CNA CVE-2004-0435 Source: CCN Type: SA11714 FreeBSD "msync()" MS_INVALIDATE Implementation Security Issue Source: SECUNIA Type: UNKNOWN 11714 Source: CCN Type: OSVDB ID: 6425 FreeBSD msync MS_INVALIDATE File Write Restriction Source: BID Type: UNKNOWN 10416 Source: CCN Type: BID-10416 FreeBSD Msync(2) System Call Buffer Cache Implementation Vulnerability Source: XF Type: UNKNOWN freebsd-msync-gain-privileges(16254) Source: XF Type: UNKNOWN freebsd-msync-gain-privileges(16254) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||