| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in FreeBSD up to 6.0 and classified as critical. Impacted is an unknown function of the component SMBFS. Performing a manipulation with the input ..\ results in path traversal.
This vulnerability is identified as CVE-2006-2654. There is not any exploit available.
The affected component should be upgraded.
Details
A vulnerability, which was classified as critical, was found in FreeBSD up to 6.0 (Operating System). This affects an unknown part of the component SMBFS. The manipulation with the input value ..\ leads to a path traversal vulnerability. CWE is classifying the issue as CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. This is going to have an impact on confidentiality, and integrity. The summary by CVE is:
Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier.
The bug was discovered 05/31/2006. The weakness was released 06/01/2006 by Mark HoltmMoseleyann (LINUX) (Website). It is possible to read the advisory at security.freebsd.org. This vulnerability is uniquely identified as CVE-2006-2654 since 05/30/2006. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1006 according to MITRE ATT&CK.
After before and not just, there has been an exploit disclosed. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 56852 (Fedora 15 : krb5-1.9.1-14.fc15 (2011-14673)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks and running in the context l.
Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at security.FreeBSD.org. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published 6 years after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (26860), Tenable (56852), SecurityFocus (BID 18202†), OSVDB (25851†) and Secunia (SA20390†). Entry connected to this vulnerability is available at VDB-2274. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Name
Version
License
Website
- Product: https://www.freebsd.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.2
VulDB Base Score: 6.5
VulDB Temp Score: 6.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Path traversalCWE: CWE-22
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 56852
Nessus Name: Fedora 15 : krb5-1.9.1-14.fc15 (2011-14673)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 56852
OpenVAS Name: FreeBSD Security Advisory (FreeBSD-SA-06:16.smbfs.asc)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: security.FreeBSD.org
Timeline
05/30/2006 🔍05/31/2006 🔍
05/31/2006 🔍
05/31/2006 🔍
06/01/2006 🔍
06/01/2006 🔍
06/01/2006 🔍
06/01/2006 🔍
06/01/2006 🔍
06/01/2006 🔍
06/02/2006 🔍
03/05/2009 🔍
10/20/2011 🔍
11/16/2011 🔍
03/13/2021 🔍
Sources
Product: freebsd.orgAdvisory: security.freebsd.org
Researcher: Mark HoltmMoseleyann (LINUX)
Status: Confirmed
CVE: CVE-2006-2654 (🔍)
GCVE (CVE): GCVE-0-2006-2654
GCVE (VulDB): GCVE-100-2271
X-Force: 26860 - FreeBSD smbfs directory traversal, Low Risk
SecurityFocus: 18202 - FreeBSD SMBFS CHRoot Security Restriction Bypass Vulnerability
Secunia: 20390 - FreeBSD SMBFS chroot Directory Traversal Vulnerability, Less Critical
OSVDB: 25851 - FreeBSD SMBFS Traversal chroot Bypass
SecurityTracker: 1016194
Vulnerability Center: 21157 - FreeBSD 4.10 - 6.1 Smbfs Local Directory Traversal Vulnerability via \, Medium
See also: 🔍
Entry
Created: 06/02/2006 12:59Updated: 03/13/2021 06:12
Changes: 06/02/2006 12:59 (96), 08/28/2019 21:09 (3), 03/13/2021 06:12 (3)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.