PT-2015-3604 · Freebsd · Freebsd

Francisco Falcon

Published

2015-02-02

Updated

2018-10-09

CVE-2014-0998

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FreeBSD versions 9.3 before p10 FreeBSD versions 10.1 before p6

Description The issue is caused by an integer signedness error in the vt console driver, which allows local users to cause a denial of service and possibly gain privileges. This is achieved by passing a negative value in a VT WAITACTIVE ioctl call, resulting in an array index error and out-of-bounds kernel memory access.

Recommendations For FreeBSD versions 9.3 before p10, update to p10 or later to resolve the issue. For FreeBSD versions 10.1 before p6, update to p6 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2014-0998

Affected Products

Freebsd

PT-2015-3604 · Freebsd · Freebsd

CVE-2014-0998

Weakness Enumeration

Related Identifiers

Affected Products

References · 6