FreeBSD Local Security Checks : FreeBSD Security Advisory (FreeBSD-SA-04:03.jail.asc)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.52645

Kategorie: FreeBSD Local Security Checks

Titel: FreeBSD Security Advisory (FreeBSD-SA-04:03.jail.asc)

Zusammenfassung: The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-04:03.jail.asc

Beschreibung: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-04:03.jail.asc

Vulnerability Insight:
The jail(2) system call allows a system administrator to lock up a
process and all its descendants inside a closed environment with very
limited ability to affect the system outside that environment, even
for processes with superuser privileges. It is an extension of, but
far more stringent than, the traditional Unix chroot(2) system call.

The jail_attach(2) system call, which was introduced in FreeBSD 5
before 5.1-RELEASE, allows a non-jailed process to permanently move
into an existing jail.

A programming error has been found in the jail_attach(2) system call
which affects the way that system call verifies the privilege
level of the calling process. Instead of failing immediately if the
calling process was already jailed, the jail_attach(2) system call
would fail only after changing the calling process's root directory.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-0126
BugTraq ID: 9762
http://www.securityfocus.com/bid/9762
FreeBSD Security Advisory: FreeBSD-SA-04:03
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc
http://www.osvdb.org/4101
XForce ISS Database: freebsd-jailattach-gain-privileges(15344)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15344

Copyright Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.52645
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Security Advisory (FreeBSD-SA-04:03.jail.asc)
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-04:03.jail.asc
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-04:03.jail.asc Vulnerability Insight: The jail(2) system call allows a system administrator to lock up a process and all its descendants inside a closed environment with very limited ability to affect the system outside that environment, even for processes with superuser privileges. It is an extension of, but far more stringent than, the traditional Unix chroot(2) system call. The jail_attach(2) system call, which was introduced in FreeBSD 5 before 5.1-RELEASE, allows a non-jailed process to permanently move into an existing jail. A programming error has been found in the jail_attach(2) system call which affects the way that system call verifies the privilege level of the calling process. Instead of failing immediately if the calling process was already jailed, the jail_attach(2) system call would fail only after changing the calling process's root directory. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0126 BugTraq ID: 9762 http://www.securityfocus.com/bid/9762 FreeBSD Security Advisory: FreeBSD-SA-04:03 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc http://www.osvdb.org/4101 XForce ISS Database: freebsd-jailattach-gain-privileges(15344) https://exchange.xforce.ibmcloud.com/vulnerabilities/15344
Copyright	Copyright (C) 2008 E-Soft Inc.