SB2020090303 - Multiple vulnerabilities in FreeBSD
Published: September 3, 2020 Updated: November 30, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Reachable Assertion (CVE-ID: N/A)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of exec(3) calls in Linux ABI layer (Linuxulator) when calling processes with multiple threads. A local user can run a specially crafted program to trigger an assertion failure and cause kernel panic.2) Access of Uninitialized Pointer (CVE-ID: N/A)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The
vulnerability exists due to an error in internal interface used by
getfsstat(2) compatibility system. A local unprivileged user can run a program that calls getfsstat(2) with an invalid argument, which causes getfsstat(2) to free an uninitialized pointer and results in kernel panic.
3) Use-after-free (CVE-ID: CVE-2020-7463)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when processing SCTP messages. A local user can send large user messages from multiple threads on the same socket., trigger a use-after-free error and crash the system.
4) Heap-based buffer overflow (CVE-ID: CVE-2020-7461)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing option 119 data in DHCP packets in dhclient(8). A remote attacker on the local network can send specially crafted data to the DHCP client, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Use-after-free (CVE-ID: CVE-2020-7462)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when processing IPv6 packets. A local user can send IPv6 Hop-by-Hop options over the loopback interface and trigger kernel panic.
Remediation
Install update from vendor's website.
References
- https://www.freebsd.org/security/advisories/FreeBSD-EN-20:17.linuxthread.asc
- https://www.freebsd.org/security/advisories/FreeBSD-EN-20:18.getfsstat.asc
- https://www.freebsd.org/security/advisories/FreeBSD-SA-20:25.sctp.asc
- https://www.freebsd.org/security/advisories/FreeBSD-SA-20:26.dhclient.asc
- https://www.freebsd.org/security/advisories/FreeBSD-SA-20:24.ipv6.asc