Mateusz Guzik

**Nome do software vulnerável e versões afetadas: Versões do FreeBSD 12.2-STABLE anteriores à r369334 Versões do FreeBSD 11.4-STABLE anteriores à r369335 Versões do FreeBSD 12.2-RELEASE anteriores à p4 Versões do FreeBSD 11.4-RELEASE anteriores à p8 Descrição: O problema ocorre quando um processo, como jexec(8) ou killall(1), chama jail attach(2) para entrar em uma jail. Nesse cenário, o root na jail pode se conectar a ela usando ptrace(2) antes que o diretório de trabalho atual seja alterado. Recomendações: Para versões do FreeBSD 12.2-STABLE anteriores à r369334, atualize para uma versão posterior à r369334. Para versões do FreeBSD 11.4-STABLE anteriores à r369335, atualize para uma versão posterior à r369335. Para versões do FreeBSD 12.2-RELEASE anteriores à p4, atualize para uma versão posterior à p4. Para versões do FreeBSD 11.4-RELEASE anteriores à p8, atualize para uma versão posterior à p8.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 9.3, 10.1, and 10.2 **Description** The issue is related to the handling of Linux futex robust lists in the Linux compatibility layer of the kernel, allowing local users to potentially gain privilege and read portions of kernel memory via unspecified vectors. This is due to insufficient access control in the kernel. **Recommendations** For versions 9.3, 10.1, and 10.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SoS versions 3.x **Description** The issue allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by `sosreport-$hostname-$date.tar` in `/tmp/sosreport-$hostname-$date`. **Recommendations** For SoS version 3.x, consider restricting access to the temporary directory where sosreport files are stored to minimize the risk of exploitation. As a temporary workaround, avoid using the sosreport feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Linux (RHEL) 6 kernel package versions prior to 2.6.32-358.11.1.el6 **Description** The issue is related to a problem in the do filp open function in fs/namei.c, where failure to obtain write permissions is not handled properly. This can be exploited by local users to cause a denial of service, resulting in a system crash, by accessing a filesystem that is mounted read-only. **Recommendations** For Red Hat Enterprise Linux (RHEL) 6 kernel package versions prior to 2.6.32-358.11.1.el6, update to version 2.6.32-358.11.1.el6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.8.3 **Description** A race condition issue exists in the install user keyrings function, allowing local users to cause a denial of service through crafted keyctl system calls. This can lead to a NULL pointer dereference and system crash when keyring operations are triggered in simultaneous threads. **Recommendations** For Linux kernel versions prior to 3.8.3, update to version 3.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to keyctl system calls to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** kfreebsd-8 versions (affected versions not specified) FreeBSD versions 7.3 through 9.0-RC1 **Description** The issue concerns multiple vulnerabilities in the kfreebsd-8 package of the Debian GNU/Linux operating system and a buffer overflow in the kernel of FreeBSD. These vulnerabilities can be exploited by a local attacker to compromise the confidentiality, integrity, and availability of protected information. The buffer overflow vulnerability can cause a denial of service or possibly allow privilege escalation via a bind system call with a long pathname for a UNIX socket. **Recommendations** For kfreebsd-8, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For FreeBSD versions 7.3 through 9.0-RC1, consider upgrading to a version later than 9.0-RC1 to resolve the buffer overflow issue. As a temporary workaround, consider restricting access to the bind system call to minimize the risk of exploitation.