Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-2ED7E8DB-E234-11EA-9392-002590BC43BE: sysutils/openzfs-kmod -- critical permissions issues



Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/13/2020
Created: 08/25/2020
Added: 08/21/2020
Modified: 08/21/2020

Description

Andrew Walker reports:

Issue 1:

Users are always granted permissions to cd into a directory. The check for whether execute is present on directories is a de-facto no-op. This cannot be mitigated without upgrading. Even setting an explicit "deny - execute" NFSv4 ACE will be bypassed.

Issue 2:

All ACEs for the owner_group (group@) and regular groups (group:<foo>) are granted to the current user. This means that POSIX mode 770 is de-facto 777, and the below ACL is also de-facto 777 because the groupmember check for builtin_administrators returns True.

    root@TESTBOX[~]# getfacl testfile
    # file: testfile
    # owner: root
    # group: wheel
    group:builtin_administrators:rwxpDdaARWcCos:-------:allow
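The following POSIX shell script is an example added to this entry; it is not part of the advisory, of Andrew Walker's report, or of the OpenZFS project. It probes a mounted dataset for the two behaviours described above. probe_dir_exec creates a directory with mode 0600 (no search permission) and checks whether its unprivileged owner can still cd into it (Issue 1). probe_group_ace must run as root: it creates a mode 070 file owned by a group that a given user is not a member of and checks whether that user can read it (Issue 2). The function names, the path argument and the user/group arguments are this example's own choices, and "constructed secret" is a constructed file body. Run it on a path inside the dataset under test; a directory on another filesystem only reports on that filesystem.

```sh
#!/bin/sh
# Added example (not from the advisory or OpenZFS): probe a mounted dataset for
# the two permission-enforcement failures described in the report.
# Exit codes from both probes: 0 = permission enforced, 1 = NOT enforced
# (the described bug is present), 2 = inconclusive (wrong privileges or setup).

# Issue 1: a directory without execute (search) permission must not be enterable.
# Must run as a non-root user, because root bypasses DAC checks anyway.
probe_dir_exec() {
    base=$1
    if [ "$(id -u)" -eq 0 ]; then
        echo "probe_dir_exec: run this as an unprivileged user" >&2
        return 2
    fi
    d=$(mktemp -d "$base/noexec.XXXXXX") || return 2
    chmod 0600 "$d"                    # rw for the owner, no execute bit
    if (cd "$d" 2>/dev/null); then     # subshell: does not change our cwd
        rc=1                           # cd succeeded: execute check is a no-op
    else
        rc=0                           # cd refused: check is enforced
    fi
    chmod 0700 "$d" && rmdir "$d"
    return $rc
}

# Issue 2: a mode 070 file (group rwx, owner and others nothing) must be
# unreadable by a user who is not a member of that group. Must run as root;
# USER must exist and must NOT be in GROUP, or the result says nothing.
probe_group_ace() {
    base=$1 user=$2 group=$3
    if [ "$(id -u)" -ne 0 ]; then
        echo "probe_group_ace: must run as root" >&2
        return 2
    fi
    if ! id "$user" >/dev/null 2>&1; then
        echo "probe_group_ace: no such user $user" >&2
        return 2
    fi
    if id -Gn "$user" | tr ' ' '\n' | grep -qx "$group"; then
        echo "probe_group_ace: $user is a member of $group; choose another group" >&2
        return 2
    fi
    d=$(mktemp -d "$base/gace.XXXXXX") || return 2
    chmod 0755 "$d"                    # the directory itself must be traversable
    f=$d/secret
    echo "constructed secret" >"$f"    # constructed sample content
    if ! chgrp "$group" "$f" 2>/dev/null; then
        rm -rf "$d"
        return 2                       # group does not exist
    fi
    chmod 070 "$f"
    # su -m keeps the environment but runs the command with $user's credentials.
    if su -m "$user" -c "cat '$f'" >/dev/null 2>&1; then
        rc=1                           # non-member read it: group ACE granted to everyone
    else
        rc=0
    fi
    rm -rf "$d"
    return $rc
}

# Human-readable verdict for one probe result.
report() {
    case $2 in
        0) echo "$1: enforced (not affected)" ;;
        1) echo "$1: NOT enforced (affected, upgrade openzfs-kmod)" ;;
        *) echo "$1: inconclusive" ;;
    esac
}

# Usage: sh probe.sh /path/on/dataset            (as an unprivileged user)
#        sh probe.sh /path/on/dataset USER GROUP (as root, for Issue 2)
if [ -n "$1" ]; then
    rc=0; probe_dir_exec "$1" || rc=$?; report "directory execute" "$rc"
    if [ -n "$2" ] && [ -n "$3" ]; then
        rc=0; probe_group_ace "$1" "$2" "$3" || rc=$?; report "group ACE" "$rc"
    fi
fi
```

Both probes deliberately refuse to report a verdict in a setup where the result could not mean anything (root for Issue 1, a missing user or group or a user who is already a group member for Issue 2), since the bug is that a check passes when it should fail and a false "enforced" would hide it.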

Solution(s)

  • freebsd-upgrade-package-openzfs-kmod
