MNBSD-2011-4: nsdispatch unaware of chroot can reload files outside the jail

Severity: Unknown

Affected Package: nsdispatch

Summary: nsdispatch unaware of chroot can reload files outside the jail

Description

The nsdispatch(3) name-service dispatcher is not aware that it is operating inside a chroot, and certain operations can cause files to be (re)loaded from outside the chrooted environment. This creates a security hole in chroot-using services such as ftpd, contributing to the chroot escape/privilege escalation. No CVE was assigned by FreeBSD for this advisory.

Affected Versions

nsdispatch

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases:

Published: December 23, 2011
Last Modified: December 23, 2011