Multiple vulnerabilities in FreeBSD



Published: 2020-05-12

Risk: Low

Patch available: YES

Number of vulnerabilities: 3

CVE-ID: CVE-2019-15878, CVE-2019-15879, CVE-2019-15880

CWE-ID: CWE-416, CWE-20

Exploitation vector: Network

Public exploit: N/A

Vulnerable software: FreeBSD (Operating systems & Components / Operating system)

Vendor: FreeBSD Foundation

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU27861

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15878

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists because the SCTP layer performs improper checking when an application tries to update a shared key. A local user can trigger a use-after-free error through specific sequences of updating shared keys and closing the SCTP association, causing a kernel panic.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 11.3 - 12.1


External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-20:14.sctp.asc

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU27862

Risk: Low

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15879

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the cryptodev module. A local user can run a specially crafted application to trigger a use-after-free error and overwrite arbitrary kernel memory.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 11.0 - 12.1


External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-20:15.cryptodev.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU27863

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15880

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of the user-supplied MAC key length in the cryptodev module. A local user can pass an overly long MAC key and cause a kernel panic.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 12.1


External links

http://www.freebsd.org/security/advisories/FreeBSD-SA-20:16.cryptodev.asc

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


