MNBSD-2025-0: Unprivileged access to system files

Description

When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as /etc/master.passwd. An unprivileged local user may be able to read encrypted root and user passwords from the temporary master.passwd file created in /var/db/etcupdate/conflicts. This is possible only when conflicts within the password file arise during an update, and the unprotected file is deleted when conflicts are resolved.

Affected Versions

etcupdate

Specific versions:

• 2.0.0
• 2.0.1
• 2.0.2
• 2.1.0
• 2.1.1
• 2.2.0
• 2.2.1
• 2.2.2
• 2.2.3
• 2.2.4
• 2.2.5
• 2.2.6
• 2.2.7
• 2.2.8
• 3.0.0
• 3.0.1
• 3.0.2
• 3.0.3
• 3.0.4
• 3.0.5
• 3.1.0
• 3.1.1
• 3.1.2
• 3.1.3
• 3.1.4
• 3.1.5
• 3.2.0
• 3.2.1

Recommendations

Update to MidnightBSD 3.2.2 release by using the normal update procedure.

References

• https://nvd.nist.gov/vuln/detail/CVE-2025-0374
• https://www.freebsd.org/security/advisories/FreeBSD-SA-25:03.etcupdate.asc
• https://github.com/MidnightBSD/src/commit/5d841371739a8034d89a9b2a6ca35ca151a0e9f6

Additional Information

Aliases: FreeBSD-SA-25:03.etcupdate, CVE-2025-0374

Published: March 24, 2025
Last Modified: March 24, 2025