CVE-2020-25582 - Vulnerability Details - OpenCVE

In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0039.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:11.4:-::::::
	cpe:2.3:o:freebsd:freebsd:11.4:p1::::::
	cpe:2.3:o:freebsd:freebsd:11.4:p2::::::
	cpe:2.3:o:freebsd:freebsd:11.4:p3::::::
	cpe:2.3:o:freebsd:freebsd:11.4:p4::::::
	cpe:2.3:o:freebsd:freebsd:11.4:p5::::::
	cpe:2.3:o:freebsd:freebsd:11.4:p6::::::
	cpe:2.3:o:freebsd:freebsd:11.4:p7::::::
	cpe:2.3:o:freebsd:freebsd:12.2:-::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p1::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p2::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p3::::::

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc
https://security.netapp.com/advisory/ntap-20210423-0003/

History

No history.

MITRE

Status: PUBLISHED

Assigner: freebsd

Published: 2021-03-26T20:41:04

Updated: 2024-08-04T15:33:05.761Z

Reserved: 2020-09-14T00:00:00

Link: CVE-2020-25582

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-03-26T21:15:12.957

Modified: 2024-11-21T05:18:10.180

Link: CVE-2020-25582

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "FreeBSD", "vendor": "n/a", "versions": [{"status": "affected", "version": "FreeBSD 12.2-RELEASE before p4, 11.4-RELEASE before p8"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed."}], "problemTypes": [{"descriptions": [{"description": "Improper check for unusual conditions", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-23T05:06:25", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210423-0003/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2020-25582", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FreeBSD", "version": {"version_data": [{"version_value": "FreeBSD 12.2-RELEASE before p4, 11.4-RELEASE before p8"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper check for unusual conditions"}]}]}, "references": {"reference_data": [{"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc", "refsource": "MISC", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc"}, {"name": "https://security.netapp.com/advisory/ntap-20210423-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210423-0003/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:33:05.761Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210423-0003/"}]}]}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2020-25582", "datePublished": "2021-03-26T20:41:04", "dateReserved": "2020-09-14T00:00:00", "dateUpdated": "2024-08-04T15:33:05.761Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*", "matchCriteriaId": "4A865EA1-01D7-4E5A-9D13-80780F8A9D7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p1:*:*:*:*:*:*", "matchCriteriaId": "9FCA6A72-2A72-45FD-A43D-B5BF7C329121", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p2:*:*:*:*:*:*", "matchCriteriaId": "90F9B3CB-3B60-4AA8-9EAF-4F0BE7D27691", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p3:*:*:*:*:*:*", "matchCriteriaId": "C04EE177-C7D1-4049-B680-F961A27C677F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p4:*:*:*:*:*:*", "matchCriteriaId": "218AF216-7B03-4C02-B55F-2316AF14074B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p5:*:*:*:*:*:*", "matchCriteriaId": "33266717-0359-4243-868B-B84436E2A89E", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p6:*:*:*:*:*:*", "matchCriteriaId": "99965487-D5FD-4507-A43B-F241FEEA5237", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p7:*:*:*:*:*:*", "matchCriteriaId": "050F0B6A-4674-45E9-A079-60A68CFA4D25", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*", "matchCriteriaId": "73D9C08B-8F5B-40C4-A5BD-B00D2E4C012D", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*", "matchCriteriaId": "62A178A3-6A52-4981-9A27-FB07AD8AF778", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*", "matchCriteriaId": "54A487B1-E5CE-4C76-87E8-518D24C5D86D", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:p3:*:*:*:*:*:*", "matchCriteriaId": "9F084CAB-D138-4BF6-ABC2-2314F0FDE0D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed."}, {"lang": "es", "value": "En FreeBSD versiones 12.2-STABLE anteriores a r369334, 11.4-STABLE anteriores a r369335, 12.2-RELEASE anteriores a p4 y 11.4-RELEASE anteriores a p8, cuando un proceso, como jexec(8) o killall(1), llama a jail_attach(2) para ingresar una jail, la root enjaulada puede adjuntarse a \u00e9l usando ptrace(2) antes de que se cambie el directorio de trabajo actual."}], "id": "CVE-2020-25582", "lastModified": "2024-11-21T05:18:10.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-26T21:15:12.957", "references": [{"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc"}, {"source": "secteam@freebsd.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210423-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210423-0003/"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}