CVE-2020-24717

Summary

CVE	CVE-2020-24717
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-08-27 19:15:00 UTC
Updated	2020-09-04 16:20:00 UTC
Description	OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.

Risk And Classification

Problem Types: CWE-276

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Freebsd	Freebsd	-	All	All	All
Operating System	Freebsd	Freebsd	-	All	All	All
Application	Openzfs	Openzfs	All	All	All	All

References

Reference	Source	Link	Tags
[NAS-107270] Critical Permissions issue in ZFS on FreeBSD - iX - Bug Tracker (Jira)	MISC	jira.ixsystems.com	Exploit, Issue Tracking, Patch, Third Party Advisory
FreeBSD: Fix UNIX permissions checking · openzfs/zfs@716b53d · GitHub	MISC	github.com	Patch, Third Party Advisory
⚙ D26107 openzfs*: Bump OpenZFS ports	MISC	reviews.freebsd.org	Issue Tracking, Patch, Third Party Advisory
Comparing zfs-0.8.4...zfs-2.0.0-rc1 · openzfs/zfs · GitHub	MISC	github.com	Patch, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.