FreeBSD Local Security Checks : FreeBSD Security Advisory (FreeBSD-SA-04:03.jail.asc)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52645

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Security Advisory (FreeBSD-SA-04:03.jail.asc)

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-04:03.jail.asc

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-04:03.jail.asc

Vulnerability Insight:
The jail(2) system call allows a system administrator to lock up a
process and all its descendants inside a closed environment with very
limited ability to affect the system outside that environment, even
for processes with superuser privileges. It is an extension of, but
far more stringent than, the traditional Unix chroot(2) system call.

The jail_attach(2) system call, which was introduced in FreeBSD 5
before 5.1-RELEASE, allows a non-jailed process to permanently move
into an existing jail.

A programming error has been found in the jail_attach(2) system call
which affects the way that system call verifies the privilege
level of the calling process. Instead of failing immediately if the
calling process was already jailed, the jail_attach(2) system call
would fail only after changing the calling process's root directory.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0126
BugTraq ID: 9762
http://www.securityfocus.com/bid/9762
FreeBSD Security Advisory: FreeBSD-SA-04:03
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc
http://www.osvdb.org/4101
XForce ISS Database: freebsd-jailattach-gain-privileges(15344)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15344

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52645
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Security Advisory (FreeBSD-SA-04:03.jail.asc)
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-04:03.jail.asc
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-04:03.jail.asc Vulnerability Insight: The jail(2) system call allows a system administrator to lock up a process and all its descendants inside a closed environment with very limited ability to affect the system outside that environment, even for processes with superuser privileges. It is an extension of, but far more stringent than, the traditional Unix chroot(2) system call. The jail_attach(2) system call, which was introduced in FreeBSD 5 before 5.1-RELEASE, allows a non-jailed process to permanently move into an existing jail. A programming error has been found in the jail_attach(2) system call which affects the way that system call verifies the privilege level of the calling process. Instead of failing immediately if the calling process was already jailed, the jail_attach(2) system call would fail only after changing the calling process's root directory. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0126 BugTraq ID: 9762 http://www.securityfocus.com/bid/9762 FreeBSD Security Advisory: FreeBSD-SA-04:03 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc http://www.osvdb.org/4101 XForce ISS Database: freebsd-jailattach-gain-privileges(15344) https://exchange.xforce.ibmcloud.com/vulnerabilities/15344
Copyright	Copyright (C) 2008 E-Soft Inc.