MNBSD-2007-0: Symlink attack in the jail rc.d startup system

Severity: Unknown

Affected Package: jail

Summary: Symlink attack in the jail rc.d startup system

Description

A symlink exploit was found in the MidnightBSD jail system: the jail rc.d script did not verify pathnames when writing files, allowing a symlink attack that could overwrite host files or escape the jail. A fix was made available and users were advised to update /etc/rc.d/jail from cvs; formal patches were deferred until the first release. This corresponds to FreeBSD-SA-07:01.jail.

Affected Versions

jail

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2007-0166

Published: January 23, 2007
Last Modified: January 23, 2007