PT-2004-1754 · Rsbac · Rsbac
Brad Sprengler
·
Published
2004-07-13
·
Updated
2023-06-20
·
CVE-2004-0667
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
RSBAC versions 1.2.2 through 1.2.3
Description
The issue allows local users to potentially gain elevated privileges due to access being granted to certain system calls, including sys creat, sys open, and sys mknod, even when inside jails.
Recommendations
For RSBAC versions 1.2.2 through 1.2.3, consider restricting access to the sys creat, sys open, and sys mknod system calls inside jails until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Rsbac