Multiple vulnerabilities in FreeBSD

Published: 2018-04-04

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2018-6918 CVE-2018-6917
CWE-ID	CWE-835 CWE-190
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	FreeBSD Operating systems & Components / Operating system
Vendor	FreeBSD Foundation

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Infinite loop

EUVDB-ID: #VU11528

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6918

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to the length field of the option header does not count the size of the option header itself and pointer/offset mistakes in the handling of IPv4 options. A remote attacker can trigger infinite loop and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FreeBSD: 11.0 - 11.1

External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-18:05.ipsec.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU11529

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6917

CWE-ID: CWE-190 - Integer overflow