Input validation error in FreeBSD - #VU20352

 

Input validation error in FreeBSD - #VU20352

Published: August 21, 2019


Vulnerability identifier: #VU20352
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: FreeBSD Foundation
Affected software:
FreeBSD

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incompatibility of firewall rules created with older versions of ipfw(8) utility that support jail keyword. The issue results in rules with the jail keyword are not applied, leading to potential unauthorized access to the services, protected by the firewall rules.


Remediation

Install updates from vendor's website.

Sources