SB2021030219 - Multiple vulnerabilities in FreeBSD
Published: March 2, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-25582)
The vulnerability allows a local privileged user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions. A process with superuser privileges running inside a jail could change the root directory outside of the jail, thereby gaining full read and writing access to all files and directories in the system.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-25581)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper management of internal resources within the jail_remove(2) system call implementation. A process running inside a jail can avoid being killed during jail termination. If a jail is subsequently started with the same root path, a lingering jailed process may be able to exploit the window during which a devfs filesystem is mounted but the jail's devfs ruleset has not been applied, to access device nodes which are ordinarily inaccessible. If the process is privileged, it may be able to escape the jail and gain full access to the system.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-25580)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to regression in login.access(5) rule processor, which triggered the rules to be failed in certain cases and deny access rules can be ignored. An attacker can bypass defined access policy and gain unauthorized access to the system, even when the system is configured to deny it.
Remediation
Install update from vendor's website.