SB2020012902 - Multiple vulnerabilities in FreeBSD

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2020-7450)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing untrusted input in libfetch(3). A remote attacker can, who can supply a malicious URL to the application that uses libfetch(3), can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Security Features (CVE-ID: CVE-2019-5613)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to a missing anti-reply window check in IPSec implementation. A remote attacker can inject an old packet into the network stream that will be processed by the system.

Successful exploitation of the vulnerability may allow an attacker to manipulate network data, passed via IPSec channel.

3) Information disclosure (CVE-ID: CVE-2019-15875)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the kernel creates a core dump and stores in it up to 20 bytes of kernel data, previously stored on the stack of the crashing process. A local user with ability to crash process can gain access to potentially sensitive information.

Remediation

Install update from vendor's website.

References

• https://www.freebsd.org/security/advisories/FreeBSD-SA-20:01.libfetch.asc
• https://www.freebsd.org/security/advisories/FreeBSD-SA-20:02.ipsec.asc
• https://www.freebsd.org/security/advisories/FreeBSD-SA-20:03.thrmisc.asc