CVE-2024-6760

Severity

75%

Complexity

39%

Confidentiality

60%

A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.

CVSS 3.1 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Overview

First reported 6 months ago

2024-08-12 13:38:00

Last updated 3 months ago

2024-11-21 09:50:00

Affected Software

FreeBSD

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc

Vendor Advisory

https://security.netapp.com/advisory/ntap-20240816-0010/

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2024-6760

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 6 months ago

Last updated 3 months ago

Affected Software

FreeBSD

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc

https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc

https://security.netapp.com/advisory/ntap-20240816-0010/

Stay updated

Get in touch