FreeBSD: VID-6D334FDB-F7E7-11EA-88F8-901B0EF719AB (CVE-2020-7468): FreeBSD -- ftpd privilege escalation via ftpchroot feature
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Sep 15, 2020 | Sep 17, 2020 | Apr 5, 2021 |
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-6D334FDB-F7E7-11EA-88F8-901B0EF719AB:
Problem Description:
A ftpd(8) bug in the implementation of the file system sandbox, combined
with capabilities available to an authenticated FTP user, can be used to
escape the file system restriction configured in ftpchroot(5).
Moreover, the bug allows a malicious client to gain root privileges.
Impact:
A malicious FTP user can gain privileged access to an affected system.
Solution(s)
freebsd-upgrade-base-11_3-release-p14
freebsd-upgrade-base-11_4-release-p4
freebsd-upgrade-base-12_1-release-p10