FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- jail(2) information leak

Affected packages
14.0 <= FreeBSD-kernel < 14.0_5
13.2 <= FreeBSD-kernel < 13.2_10

Details

VuXML ID 46a29f83-cb47-11ee-b609-002590c1f29c
Discovery 2024-02-14
Entry 2024-02-14

Problem Description:

The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail.

Impact:

Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.

References

CVE Name CVE-2024-25941
FreeBSD Advisory SA-24:02.tty

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.