FreeBSD 13 Cap_NET libcasper Allows Unauth Domain Resolution
CVE-2023-5978 Published on November 8, 2023
Incorrect libcap_net limitation list manipulation
In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including entries not previously listed. This could permit the application to resolve domain names that were previously restricted.
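The invariant described above, that an updated limit may only narrow the active one, sketched in C as an added example. This is not FreeBSD's libcasper code: the `name_limit` struct, the function names and the sample domain lists are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <strings.h>

/* Hypothetical model of a name limit; not libcasper's real data structures. */
struct name_limit {
    bool restricted;           /* false: no name list set, any name resolves */
    const char *const *names;  /* permitted names when restricted is true */
    size_t count;
};

/* True if the limit permits resolving name (DNS names are case-insensitive). */
static bool name_allowed(const struct name_limit *l, const char *name)
{
    if (!l->restricted)
        return true;
    for (size_t i = 0; i < l->count; i++)
        if (strcasecmp(l->names[i], name) == 0)
            return true;
    return false;
}

/* An update is acceptable only if it never permits a name the active limit denies. */
bool limit_update_ok(const struct name_limit *active, const struct name_limit *update)
{
    if (!active->restricted)
        return true;           /* nothing is limited yet, so nothing can widen */
    if (!update->restricted)
        return false;          /* dropping the list entirely would widen */
    for (size_t i = 0; i < update->count; i++)
        if (!name_allowed(active, update->names[i]))
            return false;      /* entry not previously listed */
    return true;
}

/* Constructed sample limits. */
static const char *const active_names[] = { "freebsd.org", "example.org" };
static const char *const narrower_names[] = { "FreeBSD.org" };
static const char *const wider_names[] = { "freebsd.org", "other.example" };
const struct name_limit ACTIVE = { true, active_names, 2 };
const struct name_limit NARROWER = { true, narrower_names, 1 };
const struct name_limit WIDER = { true, wider_names, 2 };
const struct name_limit EMPTY = { true, NULL, 0 };
const struct name_limit UNRESTRICTED = { false, NULL, 0 };

int main(void)
{
    printf("narrower accepted: %d\n", limit_update_ok(&ACTIVE, &NARROWER));
    printf("wider accepted:    %d\n", limit_update_ok(&ACTIVE, &WIDER));
    return 0;
}
```

The check runs on the name list alone, so it still applies when no other kind of limitation has been set.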
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2023-5978
Affected Versions
FreeBSD: Version 13.2-RELEASE and below p5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.