SecurityWeek

FreeBSD Patches Kernel Security Vulnerabilities

Researchers at Core Security Technologies issued an advisory today on three vulnerabilities affecting the FreeBSD operating system.

FreeBSD is a Unix-like operating system used to power servers, desktops and embedded platforms. According to the advisory from Core Security, several vulnerabilities were spotted in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) as well as the code that implements Stream Control Transmission Protocol (SCTP) sockets. These issues could enable a local, unprivileged attacker to crash the system, disclose kernel memory containing sensitive information and execute arbitrary code with superuser privileges.

The FreeBSD Project issued fixes for the issues that are available to users who upgrade to FreeBSD 10.1-RELENG or one of the following versions: stable/10, 10.1-STABLE; releng/10.1, 10.1-RELEASE-p5; releng/10.0, 10.0-RELEASE-p17; stable/9, 9.3-STABLE; releng/9.3, 9.3-RELEASE-p9; stable/8, 8.4-STABLE; and releng/8.4, 8.4-RELEASE-p23.

The first vulnerability is a sign conversion error in the vt console when handling the VT_WAITACTIVE ioctl message. The issue can be used by a local unprivileged attacker to make the kernel access an array outside of its boundaries, according to Core Security.

“This sign conversion error will make possible for a local attacker to bypass the subsequent boundary check that tries to ensure that i is not greater than VT_MAXWINDOWS before using it as an index to access the vd->vd_windows array,” the advisory notes. “This flaw can be leveraged by a local attacker to make the kernel access the vd->vd_windows array outside of its boundaries.”
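
The bug class the advisory describes, shown as an added example: a constructed user-space model, not FreeBSD kernel code and not code from the Core Security advisory. A request value stored in a signed int turns negative and passes a check that tests only the upper bound. `MAXWINDOWS`, the function names and the 1-based window numbering are assumptions of the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAXWINDOWS 12   /* constructed stand-in for VT_MAXWINDOWS */

/* Weak form: the request value is stored in a signed int and only the
 * upper bound is tested. Values above INT_MAX turn negative, pass the
 * test, and yield a slot in front of the array. The slot is returned,
 * not dereferenced, so the model itself stays memory-safe. */
int slot_weak(unsigned int arg, long *slot)
{
    int i = (int)arg;            /* the sign conversion happens here */

    if (i > MAXWINDOWS)
        return EINVAL;
    *slot = (long)i - 1;         /* model assumption: windows numbered from 1 */
    return 0;
}

/* Hardened form: keep the value unsigned and reject both ends of the
 * range before doing any arithmetic on it. */
int slot_checked(unsigned int arg, size_t *slot)
{
    if (arg == 0 || arg > MAXWINDOWS)
        return EINVAL;
    *slot = (size_t)arg - 1;
    return 0;
}

/* Returns 1 if slot lies inside an array of MAXWINDOWS elements. */
int slot_in_bounds(long slot)
{
    return slot >= 0 && slot < MAXWINDOWS;
}

int main(void)
{
    unsigned int arg = 0xFFFFFFF0u;   /* constructed sample input */
    long s = 0;
    size_t u = 0;

    if (slot_weak(arg, &s) == 0)
        printf("weak check accepted slot %ld (in bounds: %d)\n",
               s, slot_in_bounds(s));
    printf("hardened check returned %d\n", slot_checked(arg, &u));
    return 0;
}
```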

The second bug is a memory corruption issue.

“The FreeBSD kernel is prone to a memory corruption vulnerability when setting the SCTP_SS_VALUE SCTP socket option via the setsockopt system call,” according to the Core Security advisory. “This vulnerability can be leveraged by a local unprivileged attacker to corrupt kernel memory with an arbitrary 16-bit value.”

The final issue is a kernel memory disclosure and corruption issue. According to an advisory released by the FreeBSD Project, the SCTP protocol provides reliable, flow-controlled, two-way transmission of data.

“It is a message oriented protocol and can support the SOCK_STREAM and SOCK_SEQPACKET abstractions,” the Project notes. “SCTP allows the user to choose between multiple scheduling algorithms to optimize the sending behavior of SCTP in scenarios with different requirements.”

“Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory,” the FreeBSD advisory continues.
