This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Problem Description :
The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not
check whether the source and target of the link are both in the same
nullfs instance. It is therefore possible to create a hardlink from a
location in one nullfs instance to a file in another, as long as the
underlying (source) filesystem is the same.
If multiple nullfs views into the same filesystem are mounted in
different locations, a user with read access to one of these views and
write access to another will be able to create a hard link from the
latter to a file in the former, even though they are, from the user's
perspective, different filesystems. The user may thereby gain write
access to files which are nominally on a read-only filesystem.
See also :
Update the affected packages.
Risk factor :
Low / CVSS Base Score : 3.7
CVSS Temporal Score : 3.2
Public Exploit Available : false