The FreeBSD developers have removed a potentially dangerous vulnerability

Posted: December 13, 2014 in Vulnerabilities

This gap provided an opportunity to introduce malicious code into vulnerable systems using open source software.

Specialists at the company Norse discovered a programming error in the FreeBSD operating system that allows a buffer overflow to be caused in a stdio function. The breach provided an opportunity to introduce malicious code into vulnerable systems using open source software.

According to experts, the error occurs on calls to the system calls «write» and «write(2)» during stream setup and, if the status of the stream is not checked, can lead to a buffer overflow.

Norse reported this vulnerability to the FreeBSD development team, which then issued a security notice regarding the issue. In addition, the company’s specialists Adrian Chadd and Alfred Perlstein created corrective code and published it in the public domain.

FreeBSD Remote Buffer Overflow Vulnerability

Danger level: High
Fix availability: FreeBSD released ports collection updates
Number of vulnerabilities: 1
CVSSv2 rating: (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:W/RC:C) = Base: 9.3 / Temporal: 7.5
CVE ID: CVE-2014-8611
Attack vector: Remote
Impact: Remote Buffer Overflow

Affected products: FreeBSD 10.x
Affected versions: FreeBSD 10.1 Stable, FreeBSD 10.1 Release

Description:
The vulnerability allows a remote user to compromise a system.

[CVE-2014-8611] The vulnerability is caused by an error in the “__sflush()” function in the libc library. This can be exploited to cause a buffer overflow and compromise the vulnerable system.

Solution: Follow the instructions from the manufacturer.

References:
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc


FreeBSD is a modern operating system for servers, desktops and embedded computer platforms. Home Page: https://www.freebsd.org/
