FreeBSD 10.x ZFS encryption. key leakage Vulnerability (CVE-2015-1415)

FreeBSD 10.x ZFS encryption. key leakage Vulnerability (CVE-2015-1415)
FreeBSD 10.x ZFS encryption. key leakage Vulnerability (CVE-2015-1415)

Release date:
Updated on:

Affected Systems:

FreeBSD FreeBSD 10.1

Description:

CVE (CAN) ID: CVE-2015-1415

FreeBSD is a UNIX operating system.

By default, the FreeBSD 10. x installer supports the installation of encrypted ZFS file systems. After the ZFS encryption system is installed in versions 10.0 and 10.1, the encryption. key has incorrect permission restrictions, allowing local users to read the file. The file is located in/boot/encryption. key. The permission should be 0600 and is now 0644 local readable.

<* Source: Pierre Kim

Link: http://www.securityfocus.com/archive/1/535209
Https://security.FreeBSD.org/advisories/FreeBSD-SA-15:08.bsdinstall.asc
*>

Suggestion:

Vendor patch:

FreeBSD
-------
FreeBSD has released a Security Bulletin (FreeBSD-SA-15: 08. bsdinstall) and patches for this:
The FreeBSD-SA-15: 08. bsdinstall: Insecure default GELI keyfile permissions
Link: https://security.FreeBSD.org/advisories/FreeBSD-SA-15:08.bsdinstall.asc

Use dump restore to quickly back up and restore the FreeBSD system

Mount the partition where FreeBSD is located in Linux

Test data of PostgreSQL running on FreeBSD and Linux

FreeBSD software package management

This article permanently updates the link address: