Main Vulnerability Database Vulnerabilities #VU16627

#VU16627 Stack-based buffer overflow in FreeBSD - CVE-2018-17161

Published: December 19, 2018 / Updated: December 20, 2018

Vulnerability identifier: #VU16627

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-17161

CWE-ID: CWE-121

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FreeBSD

Software vendor:
FreeBSD Foundation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to stack-based buffer overflow when handling network-provided data. A remote unauthenticated attacker can supply a specially crafted bootp packet, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

External links

https://lists.freebsd.org/pipermail/freebsd-announce/2018-December/001857.html