Security Advisory

CVE-2007-0166

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2007-01-11 20:00:00

Last updated 2024-08-07 12:12:17

Assigner freebsd

State PUBLISHED

Description

The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.

← Browse all CVEs View on cve.org ↗