CVE-2010-2022

jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
freebsdfreebsd
8.0
freebsdfreebsd
8.1-prerelease
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc
http://securitytracker.com/id?1024038
http://www.securityfocus.com/bid/40399
http://www.vupen.com/english/advisories/2010/1247
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc
http://securitytracker.com/id?1024038
http://www.securityfocus.com/bid/40399
http://www.vupen.com/english/advisories/2010/1247