CVE-2025-0374
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as /etc/master.passwd.
An unprivileged local user may be able to read encrypted root and user passwords from the temporary master.passwd file created in /var/db/etcupdate/conflicts. This is possible only when conflicts within the password file arise during an update, and the unprotected file is deleted when conflicts are resolved.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| FreeBSD | FreeBSD | 14.2-RELEASE < p1 | affected |
| FreeBSD | FreeBSD | 14.1-RELEASE < p7 | affected |
| FreeBSD | FreeBSD | 13.4-RELEASE < p3 | affected |
Weaknesses
- CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.