Main Vulnerability Database Vulnerabilities #VU39655

Permissions, Privileges, and Access Controls in FreeBSD - CVE-2016-1883

Published: February 15, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39655

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-1883

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: FreeBSD Foundation

Affected software:
FreeBSD

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.

How to mitigate CVE-2016-1883

Install update from vendor's website.

Sources

http://www.securitytracker.com/id/1034872
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc

Permissions, Privileges, and Access Controls in FreeBSD - CVE-2016-1883

Detailed vulnerability description

How to mitigate CVE-2016-1883

Sources

Please verify you're human