FreeBSD jailed process routing table modification
| freebsd-jailed-table-modify (16342) |  Medium Risk |
Description:
FreeBSD could allow a local attacker to modify internal routing tables. FreeBSD kernel fails to prevent unauthorized jailed processes, with superuser privileges, from modifying host routing tables. A local attacker could use this vulnerability to cause packets to be discarded or sent to the wrong network interface.
Consequences:
Data Manipulation
Remedy:
Upgrade to the latest version of FreeBSD (4.10-RELEASE or RELENG_4_8 or RELENG_4_9 dated later than 2004-06-07), as listed in FreeBSD Security Advisory FreeBSD-SA-04:12.jailroute. See References.
—OR—
Apply the patch for this vulnerability, as listed in FreeBSD Security Advisory FreeBSD-SA-04:12.jailroute. See References.
References:
- FreeBSD Security Advisory FreeBSD-SA-04:12.jailroute: Jailed processes can manipulate host routing tables.
- BID-10485: FreeBSD jail() Process Unauthorized Routing Table Modification Vulnerability
- CVE-2004-0125: The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table.
Platforms Affected:
- FreeBSD FreeBSD 4.8
- FreeBSD FreeBSD 4.9
Reported:
Jun 07, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net