CVE-2010-2022

FreeBSD 8.0 and 8.1-PRERELEASE - Unauthenticated Arbitrary File Access via Jail Directory Restriction Bypass

Title source: llm
STIX 2.1

Description

jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations.

References (4)

Core 4
Core References
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1247
Vendor Advisory vendor-advisory x_refsource_freebsd
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40399
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024038

Scores

EPSS 0.0006
EPSS Percentile 18.6%

Details

CWE
CWE-264
Status published
Products (2)
freebsd/freebsd 8.0
freebsd/freebsd 8.1-prerelease
Published May 28, 2010
Tracked Since Feb 18, 2026