• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

FreeBSD jail() Process Unauthorized Routing Table Modification Vulnerability

FreeBSD improperly allows routing updates from superuser processes inside jail() environments.

An attacker that gains superuser privileges inside of a jailed process can send routing table changes. An attacker could corrupt the routing table of the server, denying network services to legitimate users. Attackers may also be able to perform connection-hijacking and redirection attacks, such as the SSH man-in-the-middle attack.