CVE-2010-2022

EUVD-2010-2042
jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
8.0
freebsdfreebsd
8.1-prerelease
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc
http://securitytracker.com/id?1024038
http://www.securityfocus.com/bid/40399
http://www.vupen.com/english/advisories/2010/1247
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc
http://securitytracker.com/id?1024038
http://www.securityfocus.com/bid/40399
http://www.vupen.com/english/advisories/2010/1247