Multiple vulnerabilities in FreeBSD

Published: 2019-02-06 | Updated: 2019-02-06

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2019-5596 CVE-2019-5595
CWE-ID	CWE-120 CWE-200
Exploitation vector	Local
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software Subscribe	FreeBSD Operating systems & Components / Operating system
Vendor	FreeBSD Foundation

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU17378

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-5596

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists in /dev/fd/due to the application attempts to handle the case where the receiving process does not provide a sufficiently large buffer for an incoming control message containing rights. A local attacker can cause the reference counter to wrap around and free the file structure and gain root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 12.0 - 12.0

CPE2.3

cpe:2.3:o:freebsd_foundation:freebsd:12.0:*:*:*:*:*:*:*

External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-19:02.fd.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Information disclosure

EUVDB-ID: #VU17379

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-5595

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to the callee-save registers are used by kernel and for some of them (%r8, %r10, and for non-PTI configurations, %r9) the content is not sanitized before return from syscalls. A local attacker can gain unauthorized access to an address of some kernel data structure used in the syscall implementation.