Multiple vulnerabilities in FreeBSD
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2016-3189 CVE-2019-12900 CVE-2019-5609 CVE-2019-5610 CVE-2019-5608 |
| CWE-ID | CWE-416 CWE-787 CWE-125 CWE-119 CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
FreeBSD Operating systems & Components / Operating system |
| Vendor | FreeBSD Foundation |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Use-after-free memory corruption in bzip2recover
EUVDB-ID: #VU12
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3189
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause the target application to crash.
The vulnerability exists due to an use-after-free error in bzip2recover when handling bzip2 files. A remote unauthenticated attacker can send a specially crafted bzip2 archive and cause the target application to crash.
Successful exploitation of this vulnerability will result in denial of service.
MitigationFreeBSD: 11.2 - 12.0
External linkshttp://www.freebsd.org/security/advisories/FreeBSD-SA-19:18.bzip2.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU19178
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-12900
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionFreeBSD: 11.2 - 12.0
External linkshttp://www.freebsd.org/security/advisories/FreeBSD-SA-19:18.bzip2.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU20024
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-5609
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to compromise vulnerable system.
The vulnerability exists due to a boundary error within bhyve(8) hypervisor when processing TCP packets sent via the e1000 network adapters. A remote user with access to guest operating system can send specially crafted TCP packets, trigger out-of-bounds write and execute arbitrary code on the host system.
MitigationFreeBSD: 11.2 - 12.0
External linkshttp://www.freebsd.org/security/advisories/FreeBSD-SA-19:21.bhyve.asc
http://www.zerodayinitiative.com/advisories/ZDI-22-949/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU20023
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-5610
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the bsnmp software library when decoding ASN.1 data in SNMP packets. A remote authenticated user can send specially crafted SNMP packets, trigger out-of-bounds read error and perform denial of service (DoS) attack.
MitigationFreeBSD: 11.2 - 12.0
External linkshttp://www.freebsd.org/security/advisories/FreeBSD-SA-19:20.bsnmp.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption
EUVDB-ID: #VU20022
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-5608
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the MLDv2 listener when processing ICMPv6 packets. A remote attacker can send specially crafted ICMPv6 traffic to the affected system and perform denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsFreeBSD: 11.2 - 12.0
External linkshttp://www.freebsd.org/security/advisories/FreeBSD-SA-19:19.mldv2.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU20021
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect implementation of the threads management process within epoch(9) KPI in FreeBSD kernel. A remote attacker can perform a denial of service attack.
FreeBSD: 12.0
External linkshttp://www.freebsd.org/security/advisories/FreeBSD-EN-19:14.epoch.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource management error
EUVDB-ID: #VU20020
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect exception handling within the libunwind library when handling the unwinding of stack frames, when programs throw C or C++ style exceptions. A remote attacker can make the application to produce an exception that may lead to application crash and denial of service attack.
Vulnerable software versions
FreeBSD: 11.2 - 12.0
External linkshttp://www.freebsd.org/security/advisories/FreeBSD-EN-19:15.libunwind.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
