CVE-2023-5368
6.5MEDIUMOn an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather
Publicado: 10/4/2023Actualizado: 11/21/2024
Descripción
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
Análisis IAImpulsado por IA
Productos Afectados
freebsdfreebsd
freebsdfreebsd
freebsdfreebsd
12.4
freebsdfreebsd
12.4
freebsdfreebsd
12.4
freebsdfreebsd
12.4
freebsdfreebsd
12.4
freebsdfreebsd
12.4
freebsdfreebsd
13.2
freebsdfreebsd
13.2
freebsdfreebsd
13.2
freebsdfreebsd
13.2
Referencias
- https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/
- https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.ascPatch
- https://security.netapp.com/advisory/ntap-20231124-0004/
- https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/
- https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.ascPatch
- https://security.netapp.com/advisory/ntap-20231124-0004/