SB2019080907 - Multiple vulnerabilities in FreeBSD

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019080907

SB2019080907 - Multiple vulnerabilities in FreeBSD

Published: August 9, 2019 Updated: July 12, 2022

Security Bulletin ID SB2019080907
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 14% Medium 29% Low 57%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Use-after-free memory corruption in bzip2recover (CVE-ID: CVE-2016-3189)

The vulnerability allows a remote attacker to cause the target application to crash.

The vulnerability exists due to an use-after-free error in bzip2recover when handling bzip2 files. A remote unauthenticated attacker can send a specially crafted bzip2 archive and cause the target application to crash.

Successful exploitation of this vulnerability will result in denial of service.


2) Out-of-bounds write (CVE-ID: CVE-2019-12900)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the BZ2_decompress() function in decompress.c. A remote attacker can create a specially crafted archive, trick the victim into opening it using the affected library, trigger out-of-bounds write and execute arbitrary code on the target system.

3) Out-of-bounds write (CVE-ID: CVE-2019-5609)

The vulnerability allows a remote authenticated user to compromise vulnerable system.

The vulnerability exists due to a boundary error within bhyve(8) hypervisor when processing TCP packets sent via the e1000 network adapters. A remote user with access to guest operating system can send specially crafted TCP packets, trigger out-of-bounds write and execute arbitrary code on the host system.


4) Out-of-bounds read (CVE-ID: CVE-2019-5610)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the bsnmp software library when decoding ASN.1 data in SNMP packets. A remote authenticated user can send specially crafted SNMP packets, trigger out-of-bounds read error and perform denial of service (DoS) attack.


5) Memory corruption (CVE-ID: CVE-2019-5608)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the MLDv2 listener when processing ICMPv6 packets. A remote attacker can send specially crafted ICMPv6 traffic to the affected system and perform denial of service (DoS) attack.


6) Resource management error (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of the threads management process within epoch(9) KPI in FreeBSD kernel. A remote attacker can perform a denial of service attack.


7) Resource management error (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect exception handling within the libunwind library when handling the unwinding of stack frames, when programs throw C or C++ style exceptions. A remote attacker can make the application to produce an exception that may lead to application crash and denial of service attack.


Remediation

Install update from vendor's website.

References