PT-2023-6927 · FreeBSD · FreeBSD

Mariusz Zaborski

Published: 2023-11-06 · Updated: 2023-12-14 · CVE-2023-5978

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: FreeBSD versions 13-RELEASE through 13-RELEASE-p4

Description: The issue stems from errors in privilege management in the cap_net service of the FreeBSD operating system. It could allow a remote attacker to modify the list of allowed domain names. Specifically, when only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including entries not previously listed, potentially permitting the application to resolve domain names that were previously restricted.

Recommendations: For FreeBSD versions 13-RELEASE through 13-RELEASE-p4, update to version 13-RELEASE-p5 or later to resolve the issue. As a temporary workaround, restrict access to the cap_net libcasper(3) service to reduce the risk of exploitation, and avoid submitting new lists of domains to the cap_net service until the fix is applied.

Fix

Weakness Enumeration: Improper Privilege Management

Related Identifiers: BDU:2023-07946, CVE-2023-5978, FREEBSD-SA-23_16

Affected Products: FreeBSD