CVE-2004-0126

Опубликовано: 29 мар. 2004

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.

Ссылки

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc
Patch
Vendor Advisory
http://www.osvdb.org/4101
http://www.securityfocus.com/bid/9762
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15344
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc
Patch
Vendor Advisory
http://www.osvdb.org/4101
http://www.securityfocus.com/bid/9762
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15344

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00068

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-m87g-q8c5-j57m

github

почти 4 года назад