SB2019082109 - Multiple vulnerabilities in FreeBSD
Published: August 21, 2019 Updated: March 29, 2023
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Input validation error (CVE-ID: N/A)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to an incompatibility of firewall rules created with older versions of the ipfw(8) utility that support the jail keyword. As a result, rules with the jail keyword are not applied, leading to potential unauthorized access to the services protected by the firewall rules.
2) Resource management error (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing handling of certain instructions in bhyve(8). A remote attacker with access to the guest operating system can use the unsupported instructions to crash the bhyve hypervisor.
3) Input validation error (CVE-ID: CVE-2019-5611)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing check in the code of m_pulldown(9) when processing IPv6 packets. A remote attacker can send specially crafted IPv6 traffic to the affected system and perform a denial of service (DoS) attack.
4) Out-of-bounds read (CVE-ID: CVE-2019-5612)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the kernel driver for /dev/midistat. A local user can trigger an out-of-bounds read error and read kernel memory contents.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-5603)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a reference count overflow within mqueuefs(5). A local user can obtain access to files, directories, and sockets opened by processes owned by other users, including access to files outside of the jail. A local user can run a specially crafted application to gain elevated privileges on the system.
Remediation
Install update from vendor's website.
References
- https://www.freebsd.org/security/advisories/FreeBSD-EN-19:17.ipfw.asc
- https://www.freebsd.org/security/advisories/FreeBSD-EN-19:16.bhyve.asc
- https://www.freebsd.org/security/advisories/FreeBSD-SA-19:22.mbuf.asc
- https://www.freebsd.org/security/advisories/FreeBSD-SA-19:23.midi.asc
- http://packetstormsecurity.com/files/153752/FreeBSD-Security-Advisory-FreeBSD-SA-19-15.mqueuefs.html
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:15.mqueuefs.asc
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:24.mqueuefs.asc
- https://security.netapp.com/advisory/ntap-20190814-0003/