Title : FreeBSD Security Update Fixes Devfs Security Bypass Vulnerability
VUPEN ID : VUPEN/ADV-2005-1157
CVE ID : CVE-2005-2218
CWE ID : CWE-
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2005-07-21
Technical Description
A vulnerability was identified in FreeBSD that could be exploited by local attackers to gain access to restricted resources on a vulnerable system. This flaw is due to insufficient parameter checking of the node type during device creation, which allows any user to expose hidden device nodes on devfs-mounted file systems within their jail. For jailed processes running with superuser privileges, this implies access to all devices on the system, which can lead to information disclosure or privilege escalation.