Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
FreeBSD Security Advisory (FreeBSD-SA-05:17.devfs.asc)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:17.devfs.asc
Insight
Insight
The jail(2) system call allows a system administrator to lock a process and all of its descendants inside an environment with a very limited ability to affect the system outside that environment, even for processes with superuser privileges. It is an extension of, but far more powerful than, the traditional UNIX chroot(2) system call. The device file system, or devfs(5), provides access to kernel's device namespace in the global file system namespace. This includes access to to system devices such as storage devices, kernel and system memory devices, BPF devices, and serial port devices. Devfs is is generally mounted as /dev. Devfs rulesets allow an administrator to hide certain device nodes this is most commonly applied to a devfs mounted for use inside a jail, in order to make devices inaccessible to processes within that jail. Due to insufficient parameter checking of the node type during device creation, any user can expose hidden device nodes on devfs mounted file systems within their jail. Device nodes will be created in the jail with their normal default access permissions.
Solution
Solution
Upgrade your system to the appropriate stable release or security branch dated after the correction date https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-05:17.devfs.asc