FreeBSD : FreeBSD -- devfs rules not applied by default for jails (6b6ca5b6-6007-11e6-a6c3-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The default devfs rulesets are not loaded on boot, even when jails are
used. Device nodes will be created in the jail with their normal
default access permissions, while most of them should be hidden and
inaccessible.

Impact : Jailed processes can get access to restricted
resources on the host system. For jailed processes running with
superuser privileges this implies access to all devices on the system.
This level of access could lead to information leakage and privilege
escalation.

See also :

http://www.nessus.org/u?9e5765dc

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92899

Bugtraq ID: 67158

CVE ID: CVE-2014-3001
