Main Vulnerability Database Vulnerabilities #VU20352

#VU20352 Input validation error in FreeBSD

Published: August 21, 2019

Vulnerability identifier: #VU20352

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FreeBSD

Software vendor:
FreeBSD Foundation

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incompatibility of firewall rules created with older versions of ipfw(8) utility that support jail keyword. The issue results in rules with the jail keyword are not applied, leading to potential unauthorized access to the services, protected by the firewall rules.

Remediation

Install updates from vendor's website.

External links

https://www.freebsd.org/security/advisories/FreeBSD-EN-19:17.ipfw.asc

#VU20352 Input validation error in FreeBSD

Description

Remediation

External links

Please verify you're human