CVE-2010-2022

Опубликовано: 28 мая 2010

Источник: nvd

CVSS2: 3.3

EPSS Низкий

Описание

jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations.

Ссылки

http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc
Vendor Advisory
http://securitytracker.com/id?1024038
http://www.securityfocus.com/bid/40399
http://www.vupen.com/english/advisories/2010/1247
Patch
Vendor Advisory
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc
Vendor Advisory
http://securitytracker.com/id?1024038
http://www.securityfocus.com/bid/40399
http://www.vupen.com/english/advisories/2010/1247
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:8.1-prerelease:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00142

Низкий

3.3 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2010-2022

debian

больше 15 лет назад

jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root ...

GHSA-v2wv-8qgp-cpv7

github

больше 3 лет назад