CVE-2004-0126

Description

The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesnt have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.

Risk Information

Base Score

7.1

MODERATE

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

Exploitation Probability

0.068

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234