Multiple vulnerabilities in FreeBSD



Published: 2021-03-02
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2020-25582
CVE-2020-25581
CVE-2020-25580
CWE-ID CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
FreeBSD
Operating systems & Components / Operating system

Vendor FreeBSD Foundation

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51108

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25582

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local privileged user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A process with superuser privileges running inside a jail could change the root directory outside of the jail, thereby gaining full read and writing access to all files and directories in the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 11.0 - 13.0


CPE2.3 External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-21:05.jail_chdir.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51107

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-25581

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper management of internal resources within the jail_remove(2) system call implementation. A process running inside a jail can avoid being killed during jail termination. If a jail is subsequently started with the same root path, a lingering jailed process may be able to exploit the window during which a devfs filesystem is mounted but the jail's devfs ruleset has not been applied, to access device nodes which are ordinarily inaccessible.  If the process is privileged, it may be able to escape the jail and gain full access to the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 11.0 - 13.0


CPE2.3 External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-21:04.jail_remove.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51106

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25580

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to regression in login.access(5) rule processor, which triggered the rules to be failed in certain cases and deny access rules can be ignored. An attacker can bypass defined access policy and gain unauthorized access to the system, even when the system is configured to deny it.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 11.0 - 13.0


CPE2.3 External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-21:03.pam_login_access.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###