Vigil@nce - FreeBSD 10: privilege escalation via devfs
May 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker located in a jail can use the devfs of FreeBSD to
obtain sensitive information or to escalate his privileges.
– Impacted products: FreeBSD
– Severity: 2/4
– Creation date: 30/04/2014
DESCRIPTION OF THE VULNERABILITY
The devfs filesystem is used to access kernel devices as files.
However, the devfs access rules (ruleset) are not loaded when the
system boots.
An attacker located in a jail can therefore use the devfs of
FreeBSD to obtain sensitive information or to escalate his
privileges.
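A defender-side check for the condition described above, as an added
example that is not part of the Vigil@nce bulletin: it takes a listing
of a jail's /dev and reports nodes that a restrictive ruleset would
hide. The allowlist, the function names and the sample listings are
assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the bulletin. ALLOWED is an assumed allowlist;
# align it with the devfs ruleset your jails are meant to use.
ALLOWED='null zero random urandom crypto log fd stdin stdout stderr ptmx pts'

# unexpected_devs: reads one device name per line on stdin (for example
# the output of `ls /dev` run inside the jail) and prints every name
# that is neither on the allowlist nor a pty/tty/fd entry.
unexpected_devs() {
    while IFS= read -r dev; do
        [ -n "$dev" ] || continue
        case "$dev" in
            ptyp*|ttyp*|pts/*|fd/*) continue ;;
        esac
        found=0
        for ok in $ALLOWED; do
            [ "$dev" = "$ok" ] && { found=1; break; }
        done
        [ "$found" -eq 1 ] || printf '%s\n' "$dev"
    done
    return 0
}

# jail_dev_exposed: succeeds (exit 0) when the listing on stdin contains
# at least one unexpected node, i.e. the jail sees more than it should.
jail_dev_exposed() {
    [ -n "$(unexpected_devs)" ]
}

# Constructed sample listings (not captured from a real system).
SAMPLE_NO_RULESET='null
zero
random
mem
kmem
ada0
io
pts'
SAMPLE_WITH_RULESET='null
zero
random
urandom
fd
stdin
stdout
stderr
pts'
```

Run inside a jail as `ls /dev | unexpected_devs`; any output means the
jail can see device nodes outside the assumed allowlist.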
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FreeBSD-10-privilege-escalation-via-devfs-14682