SB2018040421 - Multiple vulnerabilities in FreeBSD




Published: April 4, 2018 Updated: July 17, 2020

Security Bulletin ID: SB2018040421
Severity: Medium
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium 50% Low 50%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2017-1082)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and a potential stack overflow. Applications that use qsort to handle large data sets may crash if the input follows the pathological pattern.


2) Information disclosure (CVE-ID: CVE-2018-6920)

The vulnerability allows a local authenticated user to gain access to sensitive information.

In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.


3) Information disclosure (CVE-ID: CVE-2018-6921)

The vulnerability allows a local authenticated user to gain access to sensitive information.

In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.


4) Information disclosure (CVE-ID: CVE-2018-6919)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts of privileged kernel data.
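
The flaw class shared by items 2 to 4 (memory copied to userland without full initialization), shown as an added userspace simulation that is not FreeBSD code and not part of the original bulletin. `struct reply`, `copy_to_user_sim`, `fill_reply` and the 0xAA stale-data marker are hypothetical, constructed stand-ins; the second call shows the usual fix of zeroing the whole object before filling it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker standing in for leftover kernel data */

/* Hypothetical reply structure (assumption, not taken from FreeBSD sources). */
struct reply {
    uint32_t id;
    char     name[16];
};

/* Stand-in for a kernel-to-user copy: it copies every byte, initialized or not. */
static void copy_to_user_sim(void *udst, const void *ksrc, size_t len)
{
    memcpy(udst, ksrc, len);
}

/* zero_first == 0 is the flawed pattern; zero_first != 0 is the hardened one. */
void fill_reply(unsigned char *ubuf, int zero_first)
{
    struct reply r;
    memset(&r, STALE, sizeof(r));      /* simulate a reused stack slot */
    if (zero_first)
        memset(&r, 0, sizeof(r));      /* the fix: clear tail bytes and padding */
    r.id = 7;
    memcpy(r.name, "em0", 4);          /* only 4 of the 16 name bytes are written */
    copy_to_user_sim(ubuf, &r, sizeof(r));
}

/* Count bytes in the "userland" buffer that still hold the stale marker. */
size_t count_stale(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] == STALE);
    return n;
}

int main(void)
{
    unsigned char out[sizeof(struct reply)];
    fill_reply(out, 0);
    printf("without zeroing: %zu stale bytes\n", count_stale(out, sizeof(out)));
    fill_reply(out, 1);
    printf("with zeroing:    %zu stale bytes\n", count_stale(out, sizeof(out)));
    return 0;
}
```

Compiler-inserted padding between structure members is exposed in the same way as the unused tail of `name` here, which is why the whole object is cleared rather than individual fields.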


Remediation

Install the update from the vendor's website.