FreeBSD Jail RC.D Multiple Local Symbolic Link Vulnerabilities

FreeBSD is prone to multiple local symbolic-link vulnerabilities because the jail startup 'rc.d' script fails to properly ensure that certain operations are not performed on symbolic links.

Successfully exploiting these issues allows users with superuser privileges inside jailed environments to overwrite arbitrary files in the host environment, overlay filesystems in arbitrary locations in the host filesystem, or to unmount filesystems in the host filesystem. These issues allow attackers to execute arbitrary machine code with superuser privileges in the host environment, escaping the jailed environment.

FreeBSD versions since version 5.3 are vulnerable to these issues.


Privacy Statement
Copyright 2010, SecurityFocus