MNBSD-2008-0: sendfile does not check file access permissions, exposing write-only files

Severity: Unknown

Affected Package: kernel

Summary: sendfile does not check file access permissions, exposing write-only files

Description

The sendfile(2) system call did not properly check file access permissions before serving data, allowing a file marked write-only to be served to a client. sendfile is used by many daemons including Apache httpd. A patch to correct the issue was added to CURRENT. This corresponds to FreeBSD-SA-08:03.sendfile.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2008-0777

Published: February 15, 2008
Last Modified: February 15, 2008