Описание
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.
Ссылки
- ExploitVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.2 (включая)
Одно из
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:5.3:*:*:*:*:*:*:*
EPSS
Процентиль: 16%
0.00053
Низкий
6.6 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
почти 19 лет назад
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathname ...
github
больше 3 лет назад
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.
EPSS
Процентиль: 16%
0.00053
Низкий
6.6 Medium
CVSS2
Дефекты
NVD-CWE-Other