Multiple vulnerabilities
Vulnerability: Multiple vulnerabilities in FreeBSD
Danger: Middle
Patch: Yes
Number of vulnerabilities: 2
CVE ID: CVE-2012-4244
CVE-2012-5166
Vector of operation: Remote
Impact: Denial of service
Affected products: FreeBSD 7.4, FreeBSD 8.3, FreeBSD 9.0
Affected versions: FreeBSD 7.4, 8.3, 9.0
Description:
Which can be exploited by malicious people to execute arbitrary code on the target system.
The product contains the vulnerable version of ISC BIND. A detailed description of vulnerabilities can be found here:
https://malwarelist.wordpress.com/2012/11/24/denial-of-service-in-isc-bind/
https://malwarelist.wordpress.com/2012/11/24/denial-of-service-in-isc-bind-2/
Vulnerability: Denial of service in FreeBSD
Danger: Low
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-4445
Affected products: FreeBSD 7.4, 8.3, 9.0
Affected versions: FreeBSD 7.4, FreeBSD 8.3, FreeBSD 9.0
Description:
Vulnerability allows a remote user to execute arbitrary code on the target system.
The product contains the vulnerable version of hostapd. A detailed description of vulnerabilities can be found here:
https://malwarelist.wordpress.com/2012/11/24/denial-of-service-in-hostapd/
Vulnerability: Elevation in FreeBSD
Danger: Low
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-4576
Vector operation: Local
Impact: Privilege escalation
Affected products:
– FreeBSD 7.4
– FreeBSD 8.3
– FreeBSD 9.0
Affected versions:
FreeBSD 7.4
FreeBSD 8.3
FreeBSD 9.0
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
An error in the processing of certain system calls Linux. This can be exploited to overwrite certain memory objects and increase their privileges.
Manufacturer: URL: http://www.freebsd.org/
Solution: To resolve the vulnerability patch from the manufacturer.
Links:
http://www.freebsd.org/security/advisories/FreeBSD-SA-12:06.bind.asc
http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc
http://www.freebsd.org/security/advisories/FreeBSD-SA-12:08.linux.asc
