FreeBSD Local Security Checks : FreeBSD Security Advisory (FreeBSD-SA-10:04.jail.asc)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67508

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Security Advisory (FreeBSD-SA-10:04.jail.asc)

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-10:04.jail.asc

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-10:04.jail.asc

Vulnerability Insight:
The jail(2) system call allows a system administrator to lock a process
and all of its descendants inside an environment with a very limited
ability to affect the system outside that environment, even for
processes with superuser privileges. It is an extension of, but
far more powerful than, the traditional UNIX chroot(2) system call.

By design, neither the chroot(2) nor the jail(2) system call modify
existing open file descriptors of the calling process, in order to
allow programmers to make fine grained access control and privilege
separation.

The jail(8) utility creates a new jail or modifies an existing jail,
optionally imprisoning the current process (and future descendants)
inside it.

The jail(8) utility does not change the current working directory while
imprisoning. The current working directory can be accessed by its
descendants.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date.

CVSS Score:
3.3

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2022
BugTraq ID: 40399
http://www.securityfocus.com/bid/40399
FreeBSD Security Advisory: FreeBSD-SA-10:04
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc
http://securitytracker.com/id?1024038
http://www.vupen.com/english/advisories/2010/1247

Copyright Copyright (C) 2010 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67508
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Security Advisory (FreeBSD-SA-10:04.jail.asc)
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-10:04.jail.asc
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-10:04.jail.asc Vulnerability Insight: The jail(2) system call allows a system administrator to lock a process and all of its descendants inside an environment with a very limited ability to affect the system outside that environment, even for processes with superuser privileges. It is an extension of, but far more powerful than, the traditional UNIX chroot(2) system call. By design, neither the chroot(2) nor the jail(2) system call modify existing open file descriptors of the calling process, in order to allow programmers to make fine grained access control and privilege separation. The jail(8) utility creates a new jail or modifies an existing jail, optionally imprisoning the current process (and future descendants) inside it. The jail(8) utility does not change the current working directory while imprisoning. The current working directory can be accessed by its descendants. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 3.3 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2022 BugTraq ID: 40399 http://www.securityfocus.com/bid/40399 FreeBSD Security Advisory: FreeBSD-SA-10:04 http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc http://securitytracker.com/id?1024038 http://www.vupen.com/english/advisories/2010/1247
Copyright	Copyright (C) 2010 E-Soft Inc.