BID:9762

FreeBSD Unauthorized Jailed Process Attaching Vulnerability

Info

FreeBSD Unauthorized Jailed Process Attaching Vulnerability

Bugtraq ID:	9762
Class:	Access Validation Error
CVE:	CVE-2004-0126
Remote:	No
Local:	Yes
Published:	Feb 27 2004 12:00AM
Updated:	Jul 12 2009 03:06AM
Credit:	Discovery is credited to the JAS Group.
Vulnerable:	FreeBSD FreeBSD 5.2.1 -RELEASE FreeBSD FreeBSD 5.2 -RELEASE FreeBSD FreeBSD 5.2 FreeBSD FreeBSD 5.1 -RELEASE FreeBSD FreeBSD 5.1

Not Vulnerable:	FreeBSD FreeBSD 5.2.1 -RELEASE

Discussion

FreeBSD Unauthorized Jailed Process Attaching Vulnerability

A vulnerability was reported in FreeBSD that may permit a jailed process with superuser privileges to gain unauthorized access to other jails. This is due to an access validation issue in the jail_attach(2) system call.

Exploit / POC

FreeBSD Unauthorized Jailed Process Attaching Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

FreeBSD Unauthorized Jailed Process Attaching Vulnerability

Solution:
This issue has been addressed in the 5.2.1-RELEASE version of FreeBSD and in RELENG_5_2 or RELENG_5_1 security branches dated after 2004-02-19 23:26:39 UTC and 2004-02-25 20:03:35 UTC respectively.

Patches were also released.

FreeBSD FreeBSD 5.1 -RELEASE

FreeBSD jail.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:03/jail.patch

FreeBSD FreeBSD 5.1

FreeBSD jail.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:03/jail.patch

FreeBSD FreeBSD 5.2 -RELEASE

FreeBSD jail.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:03/jail.patch

FreeBSD FreeBSD 5.2

FreeBSD jail.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:03/jail.patch

References

FreeBSD Unauthorized Jailed Process Attaching Vulnerability

References: