Arbitrary code execution in FreeBSD - #VU823
Published: October 10, 2016 / Updated: October 11, 2016
Vulnerability identifier: #VU823
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: FreeBSD Foundation
Affected software:
FreeBSD
FreeBSD
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness occurs in portsnap application and is caused by improper validation of snapshot files of the FreeBSD ports tree when downloading. Using privileges of the affected application a malicious user that can perform man-in-the-middle attack trick the target system to download and execute certain files.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
The weakness occurs in portsnap application and is caused by improper validation of snapshot files of the FreeBSD ports tree when downloading. Using privileges of the affected application a malicious user that can perform man-in-the-middle attack trick the target system to download and execute certain files.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Remediation
Update patched versions:
- 10.x (https://security.FreeBSD.org/patches/SA-16:30/portsnap-10.patch);
- 9.3 (https://security.FreeBSD.org/patches/SA-16:30/portsnap-9.3.patch).
- 10.x (https://security.FreeBSD.org/patches/SA-16:30/portsnap-10.patch);
- 9.3 (https://security.FreeBSD.org/patches/SA-16:30/portsnap-9.3.patch).