Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-BBA850FD-770E-11EB-B87A-901B0EF719AB (CVE-2020-25582): FreeBSD -- jail_attach(2) relies on the caller to change the cwd

Back to Search

FreeBSD: VID-BBA850FD-770E-11EB-B87A-901B0EF719AB (CVE-2020-25582): FreeBSD -- jail_attach(2) relies on the caller to change the cwd

Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:N)
Published
02/24/2021
Created
02/27/2021
Added
02/25/2021
Modified
04/05/2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-BBA850FD-770E-11EB-B87A-901B0EF719AB:

Problem Description:

When a process, such as jexec(8) or killall(1), calls jail_attach(2)

to enter a jail, the jailed root can attach to it using ptrace(2) before

the current working directory is changed.

Impact:

A process with superuser privileges running inside a jail could change

the root directory outside of the jail, thereby gaining full read and

writing access to all files and directories in the system.

Solution(s)

  • freebsd-upgrade-base-11_4-release-p8
  • freebsd-upgrade-base-12_2-release-p4

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;