Kernel Multiple Vulnerabilities in FreeBSD

Posted: January 28, 2015 in Vulnerabilities
Tags: ,

Vulnerabilities in FreeBSDMultiple vulnerabilities have been found in the FreeBSD kernel code.

FreeBSD Kernel Multiple Vulnerabilities

Danger level: middle
The presence of fixes: Yes
The number of vulnerabilities: 3

CVSSv2 rating: (AV: L / AC: L / Au: N / C: N / I: N / A: C / E: U / RL: OF / RC: C) = Base: 4.9 / Temporal: 3.6
(AV: L / AC: L / Au: N / C: C / I: C / A: C / E: U / RL: OF / RC: C) = Base: 7.2 / Temporal: 5.3
(AV: L / AC: L / Au: N / C: P / I: N / A: N / E: U / RL: OF / RC: C) = Base: 2.1 / Temporal: 1.6
CVE ID: CVE-2014-0998; CVE-2014-8612; CVE-2014-8613

Vector of exploitation: Local
Impact: Denial of service, Disclosure of sensitive data, system compromise

Affected products: FreeBSD 10.x
Affected versions: FreeBSD 10.1-RELEASE, possibly other versions

These vulnerabilitiescould allow a local user to compromise a vulnerable system.

1. [CVE-2014-0998] – The vulnerability is caused due to an error in the console driver vt, occurs when processing a message VT_WAITACTIVE ioctl. A local user could trigger a reboot of the target system.

2. [CVE-2014-8612] – The vulnerability is caused due to an error in the implementation of the Stream Control Transmission Protocol (SCTP). A local user may be using the system call getsockopt / setsockopt exploited to corrupt memory and execute arbitrary code on the target system.

3. [CVE-2014-8612] – The vulnerability is caused due to other errors in the implementation of Stream Control Transmission Protocol (SCTP), related reading values socket option SCTP_SS_VALUE SCTP through the system call getsockopt. A local user can open the 16-bit values of kernel memory.

4. [CVE-2014-8613] The vulnerability is associated with the ability to initiate a null pointer dereference in the processing of externally derived SCTP-package. The problem can be used for remote call kernel crash on the system by sending a specially designed packages. The problem also does not occur on systems that are not treated with the compound SCTP.

These vulnerabilities could allow local unprivileged attackers to execute arbitrary code with superuser privileges.

Note: These vulnerabilities does not affect FreeBSD 10.1-RELENG.

Solution: Install the hotfix from the manufacturer.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s