A vulnerability has been reported in FreeBSD, which can be exploited by malicious, local users to bypass certain security restrictions.
The vulnerability is caused due to the jail rc.d script not properly checking paths inside a jail file system structure before usage. This can be exploited via symlink attacks by the root user inside a jail to overwrite files outside the jail using /var/log/console.log or to mount or unmount file systems on the host system.
Successful exploitation allows execution of arbitrary commands with non-jailed superuser privileges.
NOTE: The vulnerability occurs only when a jail is being started or stopped using the host's jail rc.d script. Running jails cannot exploit this.
The vulnerability is reported in all FreeBSD releases since 5.3.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org