CVE-2024-6760

EPSS 0.17%
Published 12.08.2024 13:38:40
Last modified 21.11.2024 09:50:15
Source secteam@freebsd.org
Teams watchlist Login
Open Login

A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs.

The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version < 13.0

Freebsd ≫ Freebsd Version >= 13.1 < 13.3

Freebsd ≫ Freebsd Version13.3 Updatep1

Freebsd ≫ Freebsd Version13.3 Updatep2

Freebsd ≫ Freebsd Version13.3 Updatep3

Freebsd ≫ Freebsd Version13.3 Updatep4

Freebsd ≫ Freebsd Version14.0 Updatebeta5

Freebsd ≫ Freebsd Version14.0 Updatep1

Freebsd ≫ Freebsd Version14.0 Updatep2

Freebsd ≫ Freebsd Version14.0 Updatep3

Freebsd ≫ Freebsd Version14.0 Updatep4

Freebsd ≫ Freebsd Version14.0 Updatep5

Freebsd ≫ Freebsd Version14.0 Updatep6

Freebsd ≫ Freebsd Version14.0 Updatep7

Freebsd ≫ Freebsd Version14.0 Updatep8

Freebsd ≫ Freebsd Version14.0 Updaterc3

Freebsd ≫ Freebsd Version14.0 Updaterc4-p1

Freebsd ≫ Freebsd Version14.1 Updatep1

Freebsd ≫ Freebsd Version14.1 Updatep2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.387

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc

Vendor Advisory

https://security.netapp.com/advisory/ntap-20240816-0010/

https://nvd.nist.gov/vuln/detail/CVE-2024-6760

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6760

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6760

EUVD