vulnerability

FreeBSD: VID-BBA850FD-770E-11EB-B87A-901B0EF719AB (CVE-2020-25582): FreeBSD -- jail_attach(2) relies on the caller to change the cwd

Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:N)
Published
2021-02-24
Added
2021-02-25
Modified
2021-04-05

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-BBA850FD-770E-11EB-B87A-901B0EF719AB:




Problem Description:


When a process, such as jexec(8) or killall(1), calls jail_attach(2)


to enter a jail, the jailed root can attach to it using ptrace(2) before


the current working directory is changed.


Impact:


A process with superuser privileges running inside a jail could change


the root directory outside of the jail, thereby gaining full read and


writing access to all files and directories in the system.



Solution(s)

freebsd-upgrade-base-11_4-release-p8freebsd-upgrade-base-12_2-release-p4
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.