CVE-2010-0318 : The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a s

The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure.

Published 2010-01-15 18:30:00

Updated 2011-08-08 04:00:00

Source MITRE

View at NVD, CVE.org

Threat overview for CVE-2010-0318

Top countries where our scanners detected CVE-2010-0318

Top open port discovered on systems with this issue 80

IPs affected by CVE-2010-0318 1

Find out if you^* are affected by CVE-2010-0318!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2010-0318

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-0318

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-0318

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0318

http://www.securityfocus.com/bid/37657

FreeBSD ZFS ZIL Insecure File Permissions Vulnerability
http://www.securitytracker.com/id?1023407

FreeBSD ZFS Intent Log Mechanism May Let Local Users Gain Elevated Privileges - SecurityTracker
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:03.zfs.asc

Patch;Vendor Advisory

Products affected by CVE-2010-0318