Multiple vulnerabilities have been found in the FreeBSD kernel code.
FreeBSD Kernel Multiple Vulnerabilities
Danger level: Medium
Fix available: Yes
Number of vulnerabilities: 3
CVSSv2 rating: (AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C) = Base: 4.9 / Temporal: 3.6
(AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C) = Base: 7.2 / Temporal: 5.3
(AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) = Base: 2.1 / Temporal: 1.6
CVE ID: CVE-2014-0998; CVE-2014-8612; CVE-2014-8613
Vector of exploitation: Local
Impact: Denial of service, disclosure of sensitive data, system compromise
Affected products: FreeBSD 10.x
Affected versions: FreeBSD 10.1-RELEASE, possibly other versions
Description:
These vulnerabilities could allow a local user to compromise a vulnerable system.
1. [CVE-2014-0998] – The vulnerability is caused by an error in the vt console driver that occurs when processing the VT_WAITACTIVE ioctl. A local user could trigger a reboot of the target system.
2. [CVE-2014-8612] – The vulnerability is caused by an error in the implementation of the Stream Control Transmission Protocol (SCTP). A local user could use the getsockopt/setsockopt system calls to corrupt memory and execute arbitrary code on the target system.
3. [CVE-2014-8612] – The vulnerability is caused by another error in the implementation of the Stream Control Transmission Protocol (SCTP), related to reading the value of the SCTP_SS_VALUE socket option through the getsockopt system call. A local user can disclose 16-bit values of kernel memory.
4. [CVE-2014-8613] – The vulnerability allows a NULL pointer dereference to be triggered while processing an SCTP packet received from an external source. The problem can be used to remotely crash the kernel by sending specially crafted packets. The problem does not occur on systems that do not handle SCTP connections.
These vulnerabilities could allow local unprivileged attackers to execute arbitrary code with superuser privileges.
Note: These vulnerabilities do not affect FreeBSD 10.1-RELENG.
Solution: Install the hotfix from the manufacturer.
Manufacturer’s URL: https://www.freebsd.org/
References:
http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities