Buffer overflow in FreeBSD - CVE-2020-25577

 

Buffer overflow in FreeBSD - CVE-2020-25577

Published: December 1, 2020


Vulnerability identifier: #VU48743
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-25577
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: FreeBSD Foundation
Affected software:
FreeBSD

Detailed vulnerability description

The vulnerability allows an attacker to execute arbitrary code on the target system.

There are two vulnerabilities in rtsold(8) when processing RDNSS and DNSSL options. An  attacker with the ability to connect to a physical network can send specially crafted packets to the daemon, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


How to mitigate CVE-2020-25577

Install updates from vendor's website.

Sources