Main Vulnerability Database Vulnerabilities #VU46743

#VU46743 Security restrictions bypass in FreeBSD - CVE-2020-7468

Published: September 16, 2020

Vulnerability identifier: #VU46743

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-7468

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FreeBSD

Software vendor:
FreeBSD Foundation

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to an error in ftpd(8) sandbox implementation, combined with capabilities available to authenticated FTP users. A remote FTP user can bypass restrictions, configured with ftpchroot(5) and gain privileged access to the system.

Note, this vulnerability cannot be exploited by users with anonymous access to FTP server.

Remediation

Install updates from vendor's website.

External links

https://www.freebsd.org/security/advisories/FreeBSD-SA-20:30.ftpd.asc

#VU46743 Security restrictions bypass in FreeBSD - CVE-2020-7468

Description

Remediation

External links

Please verify you're human