Main Vulnerability Database Vulnerabilities #VU51108

Permissions, Privileges, and Access Controls in FreeBSD - CVE-2020-25582

Published: March 2, 2021

Vulnerability identifier: #VU51108

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-25582

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
FreeBSD

Software vendor:
FreeBSD Foundation

Description

The vulnerability allows a local privileged user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A process with superuser privileges running inside a jail could change the root directory outside of the jail, thereby gaining full read and writing access to all files and directories in the system.

Remediation

Install updates from vendor's website.

External links

https://www.freebsd.org/security/advisories/FreeBSD-SA-21:05.jail_chdir.asc

Permissions, Privileges, and Access Controls in FreeBSD - CVE-2020-25582

Description

Remediation

External links

Please verify you're human