VYPR
Unrated severityNVD Advisory· Published Jan 11, 2007· Updated Jun 16, 2026

CVE-2007-0166

CVE-2007-0166

Description

The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • FreeBSD/FreeBSD3 versions
    cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*range: <=6.2
    • cpe:2.3:o:freebsd:freebsd:5.3:*:*:*:*:*:*:*
    • (no CPE)range: >=5.3, <=6.2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.