FKIE_CVE-2023-5368

Vulnerability from fkie_nvd - Published: 2023-10-04 04:15 - Updated: 2024-11-21 08:41
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
References
secteam@freebsd.orghttps://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/
secteam@freebsd.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.ascPatch
secteam@freebsd.orghttps://security.netapp.com/advisory/ntap-20231124-0004/
af854a3a-2127-422b-91ae-364da2661108https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.ascPatch
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20231124-0004/
Impacted products
Vendor Product Version
freebsd freebsd *
freebsd freebsd *
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 12.4
freebsd freebsd 13.2
freebsd freebsd 13.2
freebsd freebsd 13.2
freebsd freebsd 13.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F6C8B0-9D75-476C-ADBA-754416FBC186",
              "versionEndExcluding": "12.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA49E374-9F1A-4F62-B88D-CD36EDEA6060",
              "versionEndExcluding": "13.2",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "24920B4D-96C0-401F-B679-BEB086760EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "3CE32730-A9F5-4E8D-BDA4-6B8232F84787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "552E81DE-D409-475F-8ED0-E10A0BE43D29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "251CAE22-C3E6-45AD-8301-F36BEE5C6860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "85D94BCA-FA32-4C10-95CD-5D2A69B38A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8C950F97-40B4-43BF-BB81-C49CE00A468B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On an msdosfs filesystem, the \u0027truncate\u0027 or \u0027ftruncate\u0027 system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.\n\nThis may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).\n\n"
    },
    {
      "lang": "es",
      "value": "En un sistema de archivos msdosfs, las llamadas al sistema \u0027truncate\u0027 o \u0027ftruncate\u0027 bajo ciertas circunstancias llenan el espacio adicional en el archivo con datos no asignados del dispositivo de disco subyacente, en lugar de cero bytes. Esto puede permitir que un usuario con acceso de escritura a archivos en un sistema de archivos msdosfs lea datos no deseados (por ejemplo, de un archivo previamente eliminado)."
    }
  ],
  "id": "CVE-2023-5368",
  "lastModified": "2024-11-21T08:41:37.510",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-04T04:15:14.143",
  "references": [
    {
      "source": "secteam@freebsd.org",
      "url": "https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/"
    },
    {
      "source": "secteam@freebsd.org",
      "tags": [
        "Patch"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc"
    },
    {
      "source": "secteam@freebsd.org",
      "url": "https://security.netapp.com/advisory/ntap-20231124-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20231124-0004/"
    }
  ],
  "sourceIdentifier": "secteam@freebsd.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ],
      "source": "secteam@freebsd.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.