CVE-2023-5978

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. This could permit the application to resolve domain names that were previously restricted.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc	Vendor Advisory
https://security.netapp.com/advisory/ntap-20231214-0003/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:freebsd:freebsd::::::::
	cpe:2.3:o:freebsd:freebsd:13.2:-::::::
	cpe:2.3:o:freebsd:freebsd:13.2:p1::::::
	cpe:2.3:o:freebsd:freebsd:13.2:p2::::::
	cpe:2.3:o:freebsd:freebsd:13.2:p3::::::
	cpe:2.3:o:freebsd:freebsd:13.2:p4::::::

History

14 Dec 2023, 10:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20231214-0003/ -

16 Nov 2023, 15:17

Type	Values Removed	Values Added
First Time		Freebsd freebsd Freebsd
References	~~() https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc -~~	() https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:freebsd:freebsd:::::::: cpe:2.3:o:freebsd:freebsd:13.2:p3:::::: cpe:2.3:o:freebsd:freebsd:13.2:p4:::::: cpe:2.3:o:freebsd:freebsd:13.2:-:::::: cpe:2.3:o:freebsd:freebsd:13.2:p2:::::: cpe:2.3:o:freebsd:freebsd:13.2:p1::::::

08 Nov 2023, 14:00

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-08 09:15

Updated : 2023-12-14 10:15

NVD link : CVE-2023-5978

Mitre link : CVE-2023-5978

CVE.ORG link : CVE-2023-5978

JSON object : View

Products Affected

freebsd

freebsd

CWE

NVD-CWE-noinfo CWE-269

Improper Privilege Management

{"id": "CVE-2023-5978", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-11-08T09:15:07.933", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc", "tags": ["Vendor Advisory"], "source": "secteam@freebsd.org"}, {"url": "https://security.netapp.com/advisory/ntap-20231214-0003/", "source": "secteam@freebsd.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "secteam@freebsd.org", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. \u00a0When only a list\u00a0of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. \u00a0This could permit the application to resolve domain names that were previously restricted."}, {"lang": "es", "value": "En las versiones 13-RELEASE anteriores a 13-RELEASE-p5 de FreeBSD, bajo ciertas circunstancias el servicio cap_net libcasper(3) valida incorrectamente que las restricciones actualizadas son estrictamente subconjuntos de las restricciones activas. Cuando solo se especificaba una lista de nombres de dominio resolubles sin establecer otras limitaciones, una aplicaci\u00f3n pod\u00eda enviar una nueva lista de dominios que incluyeran entradas que no figuraban anteriormente. Esto podr\u00eda permitir que la aplicaci\u00f3n resuelva nombres de dominio que anteriormente estaban restringidos."}], "lastModified": "2023-12-14T10:15:08.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA49E374-9F1A-4F62-B88D-CD36EDEA6060", "versionEndExcluding": "13.2", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E584FE1-3A34-492B-B10F-508DA7CBA768"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5605E90-D125-4CC9-8B9F-F5EED9D4EE0C"}], "operator": "OR"}]}], "sourceIdentifier": "secteam@freebsd.org"}