Debian kfreebsd-9 DSA-2743-1 Moderate: Privilege Escalation and Info Leak

debian
August 27, 2013
A critical alert has been issued concerning privilege elevation and data exposure flaws within kfreebsd-9 on Debian environments.

Summary

Several vulnerabilities have been discovered in the FreeBSD kernel
that may lead to a privilege escalation or information leak. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2013-3077
Clement Lecigne from the Google Security Team reported an integer
overflow in computing the size of a temporary buffer in the IP
multicast code, which can result in a buffer which is too small
for the requested operation. An unprivileged process can read or
write pages of memory which belong to the kernel. These may lead
to exposure of sensitive information or allow privilege
escalation.

CVE-2013-4851
Rick Macklem, Christopher Key and Tim Zingelman reported that the
FreeBSD kernel incorrectly uses client supplied credentials
instead of the one configured in exports(5) when filling out the
anonymous credential for an NFS export, when -network or -host
restrictions are used at the same time. The remote client may
supply privilege...

Severity: important

Package: kfreebsd-9
