FreeBSD SMBFS CHRoot Security Restriction Bypass Vulnerability

FreeBSD SMBFS CHRoot Security Restriction Bypass Vulnerability

FreeBSD is prone to a vulnerability that allows attackers to bypass a security restriction. This issue is due to a failure in the kernel to properly sanitize user-supplied data.

The problem affects chroot inside of an SMB-mounted filesystem ('smbfs'). A local attacker who is bounded by the chroot can exploit this issue to bypass the chroot restriction and then gain unauthorized access to the filesystem.

Although this issue is identical to the vulnerability described in BID 17735 (Linux Kernel SMBFS CHRoot Security Restriction Bypass Vulnerability), this issue has been assigned a CVE number (CVE-2006-2654).