Vulnerabilities > CVE-2004-0126 - Unspecified vulnerability in Freebsd 5.1/5.2/5.2.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
freebsd
nessus

Summary

The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.

Vulnerable Configurations

Part Description Count
OS
Freebsd
4

Nessus

NASL familyFreeBSD Local Security Checks
NASL idFREEBSD_JAILED_PROCESSES.NASL
descriptionThe remote host is running a version of the FreeBSD kernel which contains a bug which may allow a jailed process to attach to another jail. An attacker compromised a jailed process on the remote host could exploit this flaw to switch to other jails on the system.
last seen2020-06-01
modified2020-06-02
plugin id12556
published2004-07-06
reporterThis script is Copyright (C) 2004-2010 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/12556
titleFreeBSD : SA-04:03.jail