Denial of service when processing ELF binaries in FreeBSD

Published: 2018-09-12 20:51:49
Severity: Medium
Patch available: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2018-6924
CVSSv3: 5.2 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-20
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: FreeBSD
Vulnerable software versions: FreeBSD 10.4, FreeBSD 11.0, FreeBSD 11.1, FreeBSD 11.2
Vendor URL: FreeBSD Foundation

Security Advisory

1) Input validation error

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the ELF header parser. A remote attacker can create a specially crafted binary, trick the user into executing it, and thereby disclose kernel memory or crash the kernel.

Remediation

Install updates from the vendor's website.

External links

https://www.freebsd.org/security/advisories/FreeBSD-SA-18:12.elf.asc