OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 08:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308 - Issue Tracking, Patch | |
References | () https://bugs.gentoo.org/917224 - | |
References | () https://github.com/openzfs/zfs/issues/15526 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
References | () https://github.com/openzfs/zfs/pull/15571 - Exploit, Patch, Vendor Advisory | |
References | () https://github.com/openzfs/zfs/releases/tag/zfs-2.1.14 - | |
References | () https://github.com/openzfs/zfs/releases/tag/zfs-2.2.2 - | |
References | () https://lists.debian.org/debian-lts-announce/2024/03/msg00019.html - | |
References | () https://news.ycombinator.com/item?id=38405731 - Patch, Third Party Advisory | |
References | () https://news.ycombinator.com/item?id=38770168 - | |
References | () https://web.archive.org/web/20231124172959/https://www.ibm.com/support/pages/how-remove-missing%C2%A0newline%C2%A0or%C2%A0line%C2%A0too%C2%A0long-error-etchostsallow%C2%A0and%C2%A0etchostsdeny-files - Third Party Advisory | |
References | () https://www.theregister.com/2023/12/04/two_new_versions_of_openzfs/ - |
18 Mar 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Dec 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Dec 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Nov 2023, 20:10
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-639 | |
CPE | cpe:2.3:a:openzfs:openzfs:*:*:*:*:*:*:*:* cpe:2.3:a:openzfs:openzfs:2.2.0:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:* |
|
References | () https://web.archive.org/web/20231124172959/https://www.ibm.com/support/pages/how-remove-missing%C2%A0newline%C2%A0or%C2%A0line%C2%A0too%C2%A0long-error-etchostsallow%C2%A0and%C2%A0etchostsdeny-files - Third Party Advisory | |
References | () https://github.com/openzfs/zfs/issues/15526 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
References | () https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308 - Issue Tracking, Patch | |
References | () https://github.com/openzfs/zfs/pull/15571 - Exploit, Patch, Vendor Advisory | |
References | () https://news.ycombinator.com/item?id=38405731 - Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
27 Nov 2023, 13:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-24 19:15
Updated : 2024-11-21 08:33
NVD link : CVE-2023-49298
Mitre link : CVE-2023-49298
CVE.ORG link : CVE-2023-49298
JSON object : View
Products Affected
openzfs
- openzfs
freebsd
- freebsd
CWE
CWE-639
Authorization Bypass Through User-Controlled Key