FreeBSD Local Security Checks : FreeBSD Security Advisory (FreeBSD-SA-07:01.jail.asc)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.57785

Category: FreeBSD Local Security Checks

Title: FreeBSD Security Advisory (FreeBSD-SA-07:01.jail.asc)

Summary: FreeBSD Security Advisory (FreeBSD-SA-07:01.jail.asc)

Description: The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-07:01.jail.asc

The jail(2) system call allows a system administrator to lock a process
and all of its descendants inside an environment with a very limited
ability to affect the system outside that environment, even for
processes with superuser privileges. It is an extension of, but
far more powerful than, the traditional UNIX chroot(2) system call.

The host's jail rc.d(8) script can be used to start and stop jails
automatically on system boot/shutdown.

In multiple situations the host's jail rc.d(8) script does not check if
a path inside the jail file system structure is a symbolic link before
using the path. In particular this is the case when writing the
output from the jail start-up to /var/log/console.log and when
mounting and unmounting file systems inside the jail directory
structure.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date

http://www.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-07:01.jail.asc

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-0166
FreeBSD Security Advisory: FreeBSD-SA-07:01
http://security.freebsd.org/advisories/FreeBSD-SA-07:01.jail.asc
BugTraq ID: 22011
http://www.securityfocus.com/bid/22011
http://osvdb.org/32726
http://securitytracker.com/id?1017505
http://secunia.com/advisories/23730

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.57785
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Security Advisory (FreeBSD-SA-07:01.jail.asc)
Summary:	FreeBSD Security Advisory (FreeBSD-SA-07:01.jail.asc)
Description:	The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-07:01.jail.asc The jail(2) system call allows a system administrator to lock a process and all of its descendants inside an environment with a very limited ability to affect the system outside that environment, even for processes with superuser privileges. It is an extension of, but far more powerful than, the traditional UNIX chroot(2) system call. The host's jail rc.d(8) script can be used to start and stop jails automatically on system boot/shutdown. In multiple situations the host's jail rc.d(8) script does not check if a path inside the jail file system structure is a symbolic link before using the path. In particular this is the case when writing the output from the jail start-up to /var/log/console.log and when mounting and unmounting file systems inside the jail directory structure. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date http://www.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-07:01.jail.asc
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0166 FreeBSD Security Advisory: FreeBSD-SA-07:01 http://security.freebsd.org/advisories/FreeBSD-SA-07:01.jail.asc BugTraq ID: 22011 http://www.securityfocus.com/bid/22011 http://osvdb.org/32726 http://securitytracker.com/id?1017505 http://secunia.com/advisories/23730
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com