Severity: Unknown
Affected Package: kernel
Summary: sendfile does not check file access permissions, exposing write-only files
The sendfile(2) system call did not properly check file access permissions before serving data, allowing a file marked write-only to be served to a client. sendfile is used by many daemons including Apache httpd. A patch to correct the issue was added to CURRENT. This corresponds to FreeBSD-SA-08:03.sendfile.
No specific recommendations provided.
Aliases: CVE-2008-0777
Published: February 15, 2008
Last Modified: February 15, 2008