FreeBSD : FreeBSD -- devfs rules not applied by default for jails (6b6ca5b6-6007-11e6-a6c3-14dae9d210b8)

medium Nessus Plugin ID 92899

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The default devfs rulesets are not loaded on boot, even when jails are used. Device nodes will be created in the jail with their normal default access permissions, while most of them should be hidden and inaccessible. Impact : Jailed processes can get access to restricted resources on the host system. For jailed processes running with superuser privileges this implies access to all devices on the system.
This level of access could lead to information leakage and privilege escalation.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?f38d2729

Plugin Details

Severity: Medium

ID: 92899

File Name: freebsd_pkg_6b6ca5b6600711e6a6c314dae9d210b8.nasl

Version: 2.4

Type: local

Published: 8/12/2016

Updated: 1/4/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2016

Vulnerability Publication Date: 4/30/2014

Reference Information

CVE: CVE-2014-3001

BID: 67158

FreeBSD: SA-14:07.devfs