Summaryinfo

A vulnerability, which was classified as critical, has been found in BSD. Affected by this issue is some unknown functionality. The manipulation of the argument f_count leads to privileges management. There is no exploit available. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Detailsinfo

A vulnerability classified as critical was found in BSD (the affected version is unknown). Affected by this vulnerability is an unknown code. The manipulation of the argument f_count with an unknown input leads to a privileges management vulnerability. The CWE definition for the vulnerability is CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. As an impact it is known to affect confidentiality, integrity, and availability.

The bug was discovered 06/01/1982. The weakness was released 06/03/1985 (Website). The advisory is shared at securitydigest.org. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1068 for this issue.

The vulnerability was handled as a non-public zero-day exploit for at least 1098 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at OSVDB (604†). Entries connected to this vulnerability are available at VDB-94864 and VDB-94863. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Name

• BSD

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion