Vulnerabilities

Memory leak and privilege escalation vulnerabilities in FreeBSD; millions of devices affected

Reports of multiple security flaws in various technological developments emerged this week. One of the most popular researches in the cybersecurity community concerns at least five vulnerabilities present in the FreeBSD operating system; according to vulnerability assessment specialists, exploiting these flaws allows the deployment of various malicious tasks, such as memory leaks or errors in system resource management.

Below is a brief summary of each of the faults found, alongside with their respective Common Vulnerability Scoring System (CVSS) keys.

CVE-2020-745: This vulnerability exists due to memory
leakage in FreeBSD’s IPv6 implementation when processing network traffic via
TCP, resulting in the disclosure of one byte of core memory with each TCP
SYN-ACK segment sent using the protocol IPv6.

A remote hacker could initiate a TCP connection
using the IPv6 protocol to a vulnerable system and gain access to sensitive
information stored in the kernel.

CVE-2019-15876: This flaw exists due to insufficient privilege
verification in IOCTL. A local threat actor could run a specially designed
application to send arbitrary commands to the firmware of the affected device
in order to perform a privilege escalation on the system, as mentioned by the
vulnerability assessment experts.

CVE-2019-15877: This vulnerability affects the access and
privilege control system and exists due to insufficient verification in IOCTL.
A local threat actor can run a specially designed application to trigger
updates to the device’s non-volatile memory (NVM) and perform a privilege
escalation on the system.

CVE-2020-7452: This flaw exists due to the correct use of the
potentially user-controlled pointer within the epair interface at the kernel
and allows a local threat actor to scale privileges on the compromised system.

CVE-2020-7453: This failure exists due to the lack of NUL
termination verification for the configuration option “osrelease”
jail_set (2), leading to the disclosure of additional kernel memory bytes from
which they were initially configured, mentions the vulnerability assessment
report. Finally, hackers can obtain sensitive information from the affected
system by exploiting this vulnerability.

The International Institute of Cyber Security
(IICS)
mentions that the risk of exploiting these failures is low, and
no public exploits have been identified so far. Mitigations for these failures
are available on the official FreeBSD platform.

Comments
To Top

Pin It on Pinterest

Share This