Arbitrary command execution in FreeBSD - #VU826


Published: October 10, 2016 / Updated: October 11, 2016


Vulnerability identifier: #VU826
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: FreeBSD Foundation
Affected software:
FreeBSD

Detailed vulnerability description

The vulnerability allows a remote unauthenticated user to execute arbitrary commands on the target system.
The weakness occurs in portsnap and exists due to insufficient validation of downloaded tar files. By sending a specially crafted tar file, an attacker can cause arbitrary command execution. A malicious user possessing elevated privileges is able to compromise the system completely.
Successful exploitation of the vulnerability leads to arbitrary command execution on the vulnerable system.
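The description above comes down to one point: an archive fetched over the network must be validated before any of its members are written to disk. The following is an added example, not portsnap's code and not taken from the FreeBSD patches; it assumes (hypothetically) that legitimate members of such an archive all live under a `ports/` root, and it rejects entries that escape the extraction directory, fall outside that root, are not plain files or directories, or carry setuid/setgid bits. The sample archive it builds is constructed inline for the demonstration. The check is generic and applies to any downloaded tar archive, not only to the portsnap case.

```python
import io
import posixpath
import tarfile

# Reasons a member can be rejected (names chosen for this example).
ESCAPES = "path escapes extraction directory"
OUTSIDE_ROOT = "outside allowed root"
BAD_TYPE = "not a regular file or directory"
SETID = "setuid/setgid bit set"


def check_member(member, allowed_root="ports"):
    """Return a rejection reason for one TarInfo, or None if it is acceptable."""
    name = member.name
    norm = posixpath.normpath(name)
    # Absolute paths and parent-directory traversal land outside the target dir.
    if name.startswith("/") or norm == ".." or norm.startswith("../"):
        return ESCAPES
    # Everything must sit under the expected root (assumed to be "ports/").
    if not (norm == allowed_root or norm.startswith(allowed_root + "/")):
        return OUTSIDE_ROOT
    # Symlinks, hardlinks and device nodes have no business in a ports tree.
    if not (member.isfile() or member.isdir()):
        return BAD_TYPE
    # Extracted files should never become setuid/setgid.
    if member.mode & 0o6000:
        return SETID
    return None


def unsafe_members(archive_bytes, allowed_root="ports"):
    """List (name, reason) for every member that fails the checks."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            reason = check_member(member, allowed_root)
            if reason is not None:
                problems.append((member.name, reason))
    return problems


def verify_and_extract(archive_bytes, dest, allowed_root="ports"):
    """Extract only if every member passed; otherwise refuse the whole archive."""
    problems = unsafe_members(archive_bytes, allowed_root)
    if problems:
        detail = "; ".join(f"{name}: {reason}" for name, reason in problems)
        raise ValueError("refusing to extract: " + detail)
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tf:
        if hasattr(tarfile, "data_filter"):
            # Python 3.12+: the stdlib extraction filter is a second line of defence.
            tf.extractall(dest, filter="data")
        else:
            tf.extractall(dest)


def build_sample_archive(include_bad=True):
    """Constructed sample archive (not real portsnap data).

    With include_bad=True it holds one acceptable file plus four members that
    should each trigger a different rejection reason.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add_file(name, data, mode=0o644):
            info = tarfile.TarInfo(name)   # TarInfo keeps the name exactly as given
            info.size = len(data)
            info.mode = mode
            tf.addfile(info, io.BytesIO(data))

        add_file("ports/Mk/bsd.port.mk", b"# constructed sample content\n")
        if include_bad:
            add_file("ports/../../outside.txt", b"constructed\n")   # traversal
            add_file("/tmp/absolute.txt", b"constructed\n")         # absolute path
            link = tarfile.TarInfo("ports/link")                     # symlink
            link.type = tarfile.SYMTYPE
            link.linkname = "/nonexistent"
            tf.addfile(link)
            add_file("ports/bin/tool", b"", mode=0o4755)             # setuid file
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in unsafe_members(build_sample_archive()):
        print(f"rejected {name!r}: {reason}")
```

Rejecting the whole archive on the first bad member, rather than silently skipping it, is deliberate: a tampered archive should never be partially applied.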

Remediation

Update to the patched versions:
- 10.x (https://security.FreeBSD.org/patches/SA-16:30/portsnap-10.patch);
- 9.3 (https://security.FreeBSD.org/patches/SA-16:30/portsnap-9.3.patch).

Sources