FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

devfs -- ruleset bypass

Affected packages
5.4 <= FreeBSD < 5.4_5
5.* <= FreeBSD < 5.3_19

Details

VuXML ID 7257b26f-0597-11da-86bc-000e0c2e438a
Discovery 2005-07-20
Entry 2005-08-05

Problem description

Due to insufficient parameter checking of the node type during device creation, any user can expose hidden device nodes on devfs mounted file systems within their jail. Device nodes will be created in the jail with their normal default access permissions.

Impact

Jailed processes can get access to restricted resources on the host system. For jailed processes running with superuser privileges this implies access to all devices on the system. This level of access can lead to information leakage and privilege escalation.

References

CVE Name CVE-2005-2218
FreeBSD Advisory SA-05:17.devfs