CVE-2020-25584
FreeBSD Security Advisory - FreeBSD-SA-21:10.jail_mount
Public Exploits: 0
Exploited in Wild: -
Descriptions
In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail.
Due to a race condition between lookup of ".." and remounting a filesystem, a process running inside a jail might access filesystem hierarchy outside of jail. A process with superuser privileges running inside a jail configured with the allow.mount permission (not enabled by default) could change the root directory outside of the jail, and thus gain full read and write access to all files and directories in the system.
SSVC
- Decision:-
Timeline
- 2020-09-14 CVE Reserved
- 2021-04-06 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
References (2)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20210423-0009 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:10.jail_mount.asc | 2021-06-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Freebsd | Freebsd | < 11.4 | - | Affected |
Freebsd | Freebsd | >= 12.0 < 12.2 | - | Affected |
Freebsd | Freebsd | 11.4 | - | Affected |
Freebsd | Freebsd | 11.4 | beta1 | Affected |
Freebsd | Freebsd | 11.4 | p1 | Affected |
Freebsd | Freebsd | 11.4 | p2 | Affected |
Freebsd | Freebsd | 11.4 | p3 | Affected |
Freebsd | Freebsd | 11.4 | p4 | Affected |
Freebsd | Freebsd | 11.4 | p5 | Affected |
Freebsd | Freebsd | 11.4 | rc1 | Affected |
Freebsd | Freebsd | 11.4 | rc2 | Affected |
Freebsd | Freebsd | 12.2 | - | Affected |
Freebsd | Freebsd | 12.2 | p1 | Affected |
Freebsd | Freebsd | 12.2 | p2 | Affected |
Freebsd | Freebsd | 13.0 | beta1 | Affected |
Freebsd | Freebsd | 13.0 | beta2 | Affected |
Freebsd | Freebsd | 13.0 | beta3 | Affected |
Freebsd | Freebsd | 13.0 | beta4 | Affected |
Freebsd | Freebsd | 13.0 | rc1 | Affected |
Freebsd | Freebsd | 13.0 | rc2 | Affected |
Freebsd | Freebsd | 13.0 | rc3 | Affected |
Freebsd | Freebsd | 13.0 | rc4 | Affected |
Freebsd | Freebsd | 13.0 | rc5 | Affected |