PT-2011-1042 · Debian+1 · Kfreebsd-8+1

Mateusz Guzik · Published 2011-10-18 · Updated 2011-12-13 · CVE-2011-4062

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

kfreebsd-8 versions (affected versions not specified)
FreeBSD versions 7.3 through 9.0-RC1

Description

The issue concerns multiple vulnerabilities in the kfreebsd-8 package of the Debian GNU/Linux operating system and a buffer overflow in the kernel of FreeBSD. These vulnerabilities can be exploited by a local attacker to compromise the confidentiality, integrity, and availability of protected information. The buffer overflow vulnerability can cause a denial of service or possibly allow privilege escalation via a bind system call with a long pathname for a UNIX socket.

Recommendations

For kfreebsd-8, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For FreeBSD versions 7.3 through 9.0-RC1, consider upgrading to a version later than 9.0-RC1 to resolve the buffer overflow issue. As a temporary workaround, consider restricting access to the bind system call to minimize the risk of exploitation.

Exploit

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2015-02947
CVE-2011-4062
DSA-2325-1

Affected Products

Freebsd
Kfreebsd-8