CVE-2007-0166

Name of the Vulnerable Software and Affected Versions FreeBSD versions 5.3 through 6.2

Description The issue allows local root users to overwrite arbitrary files or mount/unmount files outside of the jail via a symlink attack. This occurs because the jail rc.d script does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted.

Recommendations For FreeBSD versions 5.3 through 6.2, as a temporary workaround, consider restricting write access to /var/log/console.log to prevent arbitrary file overwrites. Additionally, restrict the ability to mount or unmount file systems to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.