#VU44600 Buffer overflow in FreeBSD
Vulnerability identifier: #VU44600
Vulnerability risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
FreeBSD
Operating systems & Components /
Operating system
Vendor: FreeBSD Foundation
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.
Mitigation
Install update from vendor's website.
Vulnerable software versions
FreeBSD: 7.3 - 9.0
External links
http://secunia.com/advisories/46202
http://secunia.com/advisories/46564
http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc
http://security.freebsd.org/patches/SA-11:05/unix2.patch
http://www.debian.org/security/2011/dsa-2325
http://www.exploit-db.com/exploits/17908
http://www.osvdb.org/75788
http://www.securityfocus.com/bid/49862
http://www.securitytracker.com/id?1026106
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
