Heap-based Buffer Overflow in FreeBSD - #VU825
Published: October 10, 2016 / Updated: October 11, 2016
Vulnerability identifier: #VU825
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: FreeBSD Foundation
Affected software:
FreeBSD
FreeBSD
Detailed vulnerability description
The vulnerability allows a remote anauthenticated user to execute arbitrary code or trigger DoS conditions on the target system.
The weakness is due to improper input validation by the bspatch utility. By installing or tricking the victim to upload a specially crafted patch file attackers can cause a heap overflow that may lead to system crash. Besides, a malicious user with elevated privileges can trigger arbitrary code execution on the vulnerable system.
Successful exploitation of the vulnerability allows remote attackers to compromise the system completely.
The weakness is due to improper input validation by the bspatch utility. By installing or tricking the victim to upload a specially crafted patch file attackers can cause a heap overflow that may lead to system crash. Besides, a malicious user with elevated privileges can trigger arbitrary code execution on the vulnerable system.
Successful exploitation of the vulnerability allows remote attackers to compromise the system completely.
Remediation
Update patched versions:
https://security.FreeBSD.org/patches/SA-16:29/bspatch.patch
https://security.FreeBSD.org/patches/SA-16:29/bspatch.patch