Vulnerability Name:

CVE-2005-2218 (CCN-21451)

Assigned:2005-07-20
Published:2005-07-20
Updated:2017-07-11
Summary:The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-05:17.devfs
devfs ruleset bypass

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-05:17

Source: MITRE
Type: CNA
CVE-2005-2218

Source: CCN
Type: SA16145
FreeBSD devfs Ruleset Bypass Security Issue

Source: SECUNIA
Type: UNKNOWN
16145

Source: CCN
Type: SECTRACK ID: 1014536
FreeBSD devfs Access Control Bug May Let Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1014536

Source: OSVDB
Type: UNKNOWN
18123

Source: CCN
Type: OSVDB ID: 18123
FreeBSD devfs Device Disclosure jail(2) Bypass

Source: BID
Type: UNKNOWN
14334

Source: CCN
Type: BID-14334
FreeBSD Jail() Devfs Ruleset Bypass Vulnerability

Source: XF
Type: UNKNOWN
freebsd-devfs-gain-privileges(21451)

Source: XF
Type: UNKNOWN
freebsd-devfs-gain-privileges(21451)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:freebsd:freebsd:5.0:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.0:release_p14:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.0:releng:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.1:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.1:alpha:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.1:release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.1:release_p5:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.2:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.2.1:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.2.1:releng:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.3:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.3:release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.3:releng:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.3:stable:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.4:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.4:pre-release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.4:release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.4:releng:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.0:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.1:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.2:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.2.1:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.1:alpha:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.3:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.4:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    freebsd freebsd 5.0
    freebsd freebsd 5.0 alpha
    freebsd freebsd 5.0 release_p14
    freebsd freebsd 5.0 releng
    freebsd freebsd 5.1
    freebsd freebsd 5.1 alpha
    freebsd freebsd 5.1 release
    freebsd freebsd 5.1 release_p5
    freebsd freebsd 5.1 releng
    freebsd freebsd 5.2
    freebsd freebsd 5.2.1
    freebsd freebsd 5.2.1 release
    freebsd freebsd 5.2.1 releng
    freebsd freebsd 5.3
    freebsd freebsd 5.3 release
    freebsd freebsd 5.3 releng
    freebsd freebsd 5.3 stable
    freebsd freebsd 5.4
    freebsd freebsd 5.4 pre-release
    freebsd freebsd 5.4 release
    freebsd freebsd 5.4 releng
    freebsd freebsd 5.0 alpha
    freebsd freebsd 5.0 -
    freebsd freebsd 5.1 -
    freebsd freebsd 5.2 -
    freebsd freebsd 5.2.1 -
    freebsd freebsd 5.1 alpha
    freebsd freebsd 5.3 -
    freebsd freebsd 5.4 -