FreeBSD procfs jail Breaking Vulnerability
BID:2132
Info
FreeBSD procfs jail Breaking Vulnerability
| Bugtraq ID: | 2132 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 18 2000 12:00AM |
| Updated: | Dec 18 2000 12:00AM |
| Credit: | This vulnerability was discovered by Esa Etelavuori <[email protected]> and announced through a FreeBSD Security Advisory on December 18, 2000. |
| Vulnerable: |
FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.1.1 FreeBSD FreeBSD 4.1 FreeBSD FreeBSD 3.5.1 |
| Not Vulnerable: | |
Discussion
FreeBSD procfs jail Breaking Vulnerability
procfs is the filesystem interface to the process table in the FreeBSD Operating System. A problem exists which could allow a user restrained by a jail to break free.
The problem occurs in the ability of jailed members of the system to load the process filesystem. A user restricted by the jail can break free by mounting the process filesystem, and using weaknesses within the filesystem to execute arbitrary commands. This problem makes it possible for a local user with superuser access in the jailed environment to execute commands outside of the jail, and possibly gain unrestricted access to the system.
procfs is the filesystem interface to the process table in the FreeBSD Operating System. A problem exists which could allow a user restrained by a jail to break free.
The problem occurs in the ability of jailed members of the system to load the process filesystem. A user restricted by the jail can break free by mounting the process filesystem, and using weaknesses within the filesystem to execute arbitrary commands. This problem makes it possible for a local user with superuser access in the jailed environment to execute commands outside of the jail, and possibly gain unrestricted access to the system.
Exploit / POC
FreeBSD procfs jail Breaking Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
FreeBSD procfs jail Breaking Vulnerability
Solution:
Patches available from the FreeBSD Security Team:
FreeBSD FreeBSD 3.5.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.2
Solution:
Patches available from the FreeBSD Security Team:
FreeBSD FreeBSD 3.5.1
-
FreeBSD 3.5.1 procfs.3.5.1.patch.v1.1
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.3.5.1.p atch.v1.1
FreeBSD FreeBSD 4.1
-
FreeBSD 4.1 procfs.4.1.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.1.pat ch
FreeBSD FreeBSD 4.1.1
-
FreeBSD 4.1.1 procfs.4.1.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.1.pat ch
FreeBSD FreeBSD 4.2
-
FreeBSD 4.2 procfs.4.2.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.2.pat ch
References
FreeBSD procfs jail Breaking Vulnerability
References:
References: