Specialists at the security company Norse discovered a programming error in the FreeBSD operating system that allows a buffer overflow to be triggered in a stdio library function. The flaw provided an opportunity to introduce malicious code into vulnerable systems running this open source software.
According to the experts, the error occurs around the write(2) system call while a stream is being flushed; if the stream's status is not checked, the result can be a buffer overflow.
Norse reported the vulnerability to the FreeBSD development team, which then issued a security advisory on the issue. In addition, the company's specialists Adrian Chadd and Alfred Perlstein produced a corrective patch and published it publicly.
FreeBSD Remote Buffer Overflow Vulnerability
Severity: High
Fix available: FreeBSD has released updates (ports collection)
Number of vulnerabilities: 1
CVSSv2 score: (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:W/RC:C) = Base: 9.3 / Temporal: 7.5
CVE ID: CVE-2014-8611
Attack vector: Remote
Impact: Remote buffer overflow
Affected products: FreeBSD 10.x
Affected versions: FreeBSD 10.1-STABLE, FreeBSD 10.1-RELEASE
Description:
The vulnerability allows a remote user to compromise a system.
[CVE-2014-8611] The vulnerability is caused by an error in the __sflush() function of the libc library. This can be exploited to cause a buffer overflow and compromise the vulnerable system.
Solution: Follow the vendor's instructions.
References:
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc
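The flush-path defect described above (an unchecked write(2) result inside __sflush()) modelled in added example code, not FreeBSD's libc: a simplified buffered stream with a flush that ignores the write result beside one that checks it and keeps the unwritten bytes and the p/w accounting consistent. The stream layout, BUFSZ, fake_write and the "abcXYZ" sample are constructed assumptions.

```c
#include <string.h>
#define BUFSZ 8
typedef long (*writefn)(const char *, size_t);
/* Simplified stdio-style stream (a model, not FreeBSD's libc): p is the
 * next free byte, w the free space, so base + BUFSZ == p + w must hold. */
struct stream { char base[BUFSZ]; char *p; size_t w; int err; writefn write; };
/* Constructed stand-in for write(2): accepts at most 3 bytes per call and
 * fails (-1) on a chunk starting with 'X', like a device running out of room. */
static long fake_write(const char *p, size_t n) {
    return p[0] == 'X' ? -1 : (n < 3 ? (long)n : 3);
}
/* Unchecked flush: resets the stream state before writing and ignores the
 * write result, so unwritten bytes vanish and no error is ever raised. */
int flush_unchecked(struct stream *fp) {
    size_t n = (size_t)(fp->p - fp->base);
    fp->p = fp->base; fp->w = BUFSZ;
    fp->write(fp->base, n);
    return 0;
}
/* Checked flush: advances only by bytes actually written; on failure the
 * unwritten tail stays at the front, p/w are re-derived from it and the
 * error flag is set so the caller can see the failure. */
int flush_checked(struct stream *fp) {
    size_t n = (size_t)(fp->p - fp->base);
    char *q = fp->base;
    while (n > 0) {
        long t = fp->write(q, n);
        if (t <= 0) {
            memmove(fp->base, q, n);
            fp->p = fp->base + n; fp->w = BUFSZ - n; fp->err = 1;
            return -1;
        }
        q += t; n -= (size_t)t;
    }
    fp->p = fp->base; fp->w = BUFSZ;
    return 0;
}
struct result { size_t pending; int err; int consistent; char head[4]; };
/* Buffer "abcXYZ", flush with the chosen routine and report the state. */
struct result run_flush(int checked) {
    struct stream fp; struct result r;
    fp.p = fp.base; fp.w = BUFSZ; fp.err = 0; fp.write = fake_write;
    memcpy(fp.p, "abcXYZ", 6); fp.p += 6; fp.w -= 6;
    (checked ? flush_checked : flush_unchecked)(&fp);
    r.pending = (size_t)(fp.p - fp.base); r.err = fp.err;
    r.consistent = fp.p + fp.w == fp.base + BUFSZ;
    memcpy(r.head, fp.base, 3); r.head[3] = '\0';
    return r;
}
```

With the unchecked routine the three bytes "XYZ" are silently dropped and the stream still reports success; the checked routine keeps them buffered, flags the error, and leaves the accounting invariant intact.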
FreeBSD is a modern operating system for servers, desktops and embedded computer platforms. Home Page: https://www.freebsd.org/