Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2020-7467 CVE-2020-7468 CVE-2020-24718 CVE-2020-7464 |
CWE-ID | CWE-264 CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | FreeBSD (Operating systems & Components / Operating system) |
Vendor | FreeBSD Foundation |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU46744
Risk: Medium
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7467
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists in the bhyve(8) hypervisor when processing instructions for AMD processors sent from the guest operating environment: a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions is not trapped.
A remote user with access to the guest operating system can run a specially crafted program to write to arbitrary memory locations on the host operating system.
Successful exploitation of the vulnerability may allow an attacker to gain full control over the host operating system.
Note, the vulnerability affects systems running bhyve(8) on AMD processors only.
Install update from vendor's website.
Vulnerable software versions
FreeBSD: 11.0 - 12.2
External links
http://www.freebsd.org/security/advisories/FreeBSD-SA-20:29.bhyve_svm.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU46743
Risk: Medium
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7468
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to an error in the ftpd(8) sandbox implementation, combined with capabilities available to authenticated FTP users. A remote FTP user can bypass restrictions configured with ftpchroot(5) and gain privileged access to the system.
Note, this vulnerability cannot be exploited by users with anonymous access to the FTP server.
Install update from vendor's website.
Vulnerable software versions
FreeBSD: 11.0 - 12.2
External links
http://www.freebsd.org/security/advisories/FreeBSD-SA-20:30.ftpd.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU46742
Risk: Medium
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24718
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists in the bhyve(8) hypervisor because the application does not properly impose security restrictions. A remote root user on the host within a jailed environment can run a specially crafted program to execute arbitrary code on systems that rely on bhyve(8) in a jail for security domain separation.
Install update from vendor's website.
Vulnerable software versions
FreeBSD: 11.0 - 12.2
External links
http://www.freebsd.org/security/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU46741
Risk: Medium
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7464
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input in the ure(3) device driver for certain Realtek USB Ethernet interfaces when processing network packets larger than 2048 bytes. A remote attacker can send large frames (these can be VLAN or non-VLAN tagged packets) to the affected host and inject arbitrary packets to be received and processed by the host. As a result, an attacker can spoof packets from other hosts or inject packets into VLANs other than the one the host is on.
Install update from vendor's website.
Vulnerable software versions
FreeBSD: 11.0 - 12.2
External links
http://www.freebsd.org/security/advisories/FreeBSD-SA-20:27.ure.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.