| |
Vulnerability CVE-2020-25582
Published: 2021-03-26
| Description: |
In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. |
Type:
CWE-269 (Improper Privilege Management)
CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
8.5/10 |
9.2/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
None |
References: |
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
