CVE-2020-7468
Summary
| CVE | CVE-2020-7468 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-03-26 21:15:00 UTC |
| Updated | 2022-07-12 17:42:00 UTC |
| Description | In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14, a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Freebsd | Freebsd | 11.3 | - | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p1 | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p10 | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p11 | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p12 | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p13 | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p2 | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p3 | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p4 | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p5 | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p6 | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p7 | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p8 | All | All |
| Operating System | Freebsd | Freebsd | 11.3 | p9 | All | All |
| Operating System | Freebsd | Freebsd | 11.4 | - | All | All |
| Operating System | Freebsd | Freebsd | 11.4 | p1 | All | All |
| Operating System | Freebsd | Freebsd | 11.4 | p2 | All | All |
| Operating System | Freebsd | Freebsd | 11.4 | p3 | All | All |
| Operating System | Freebsd | Freebsd | 12.1 | - | All | All |
| Operating System | Freebsd | Freebsd | 12.1 | p1 | All | All |
| Operating System | Freebsd | Freebsd | 12.1 | p2 | All | All |
| Operating System | Freebsd | Freebsd | 12.1 | p3 | All | All |
| Operating System | Freebsd | Freebsd | 12.1 | p4 | All | All |
| Operating System | Freebsd | Freebsd | 12.1 | p5 | All | All |
| Operating System | Freebsd | Freebsd | 12.1 | p6 | All | All |
| Operating System | Freebsd | Freebsd | 12.1 | p7 | All | All |
| Operating System | Freebsd | Freebsd | 12.1 | p8 | All | All |
| Operating System | Freebsd | Freebsd | 12.1 | p9 | All | All |
| Operating System | Freebsd | Freebsd | 12.2 | - | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security.FreeBSD.org/advisories/FreeBSD-SA-20:30.ftpd.asc | MISC | security.FreeBSD.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 376806 NetApp Clustered Data Open Network Technology for Appliance Products (ONTAP) Sensitive Information Disclosure Vulnerability (NTAP-20201016-0002)
- 690454 Free Berkeley Software Distribution (FreeBSD) Security Update for Free Berkeley Software Distribution (FreeBSD) (6d334fdb-f7e7-11ea-88f8-901b0ef719ab)