FreeBSD Chrooted 'ftpd' Remote Privilege Escalation Vulnerability

Bugtraq ID:	51185
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 23 2011 12:00AM
Updated:	Dec 23 2011 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	FreeBSD ftpd 0 FreeBSD Freebsd 9.0-STABLE FreeBSD Freebsd 9.0-RELEASE FreeBSD Freebsd 9.0-RC3 FreeBSD Freebsd 9.0-RC1 FreeBSD Freebsd 8.2-STABLE FreeBSD Freebsd 8.2-STABLE FreeBSD Freebsd 8.2-RELEASE-p2 FreeBSD Freebsd 8.2-RELEASE-p1 FreeBSD Freebsd 8.2 - RELEASE -p3 FreeBSD Freebsd 8.2 FreeBSD Freebsd 8.1-RELEASE-p5 FreeBSD Freebsd 8.1-RELEASE-p4 FreeBSD FreeBSD 8.1-RELEASE FreeBSD FreeBSD 8.1-PRERELEASE FreeBSD Freebsd 8.1 FreeBSD Freebsd 7.4-STABLE FreeBSD Freebsd 7.4-RELEASE-p2 FreeBSD Freebsd 7.4 -RELEASE-p3 FreeBSD Freebsd 7.4 FreeBSD FreeBSD 7.3-STABLE FreeBSD Freebsd 7.3-RELEASE-p6 FreeBSD FreeBSD 7.3-RELEASE-p1 FreeBSD Freebsd 7.3 - RELEASE - p7 FreeBSD Freebsd 7.3
Not Vulnerable:

FreeBSD Chrooted 'ftpd' Remote Privilege Escalation Vulnerability

FreeBSD 'ftpd' which is configured to use chroot is prone to a remote privilege-escalation vulnerability.

Successful exploits may allow attackers to break out of a chroot jail to execute arbitrary code with root privileges.

FreeBSD Chrooted 'ftpd' Remote Privilege Escalation Vulnerability

Attackers can use readily available tools to exploit this issue.

FreeBSD Chrooted 'ftpd' Remote Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references for more information.

FreeBSD Chrooted 'ftpd' Remote Privilege Escalation Vulnerability

References:

• FreeBSD Homepage (FreeBSD)