Buffer overflow in FreeBSD



| Updated: 2020-08-11
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2011-4062
CWE-ID CWE-119
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
FreeBSD
Operating systems & Components / Operating system

Vendor FreeBSD Foundation

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU44600

Risk: High

CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2011-4062

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FreeBSD: 7.3 - 9.0

CPE2.3 External links

https://secunia.com/advisories/46202
https://secunia.com/advisories/46564
https://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc
https://security.freebsd.org/patches/SA-11:05/unix2.patch
https://www.debian.org/security/2011/dsa-2325
https://www.exploit-db.com/exploits/17908
https://www.osvdb.org/75788
https://www.securityfocus.com/bid/49862
https://www.securitytracker.com/id?1026106


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###