PT-2016-1730 · Freebsd · Freebsd

Francisco Falcon

Published

2016-04-08

Updated

2018-10-09

CVE-2016-1885

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions FreeBSD versions 9.3 before p39 FreeBSD versions 10.1 before p31 FreeBSD versions 10.2 before p14

Description The issue is caused by an integer signedness error in the amd64 set ldt function, located in sys/amd64/amd64/sys machdep.c, which leads to a heap-based buffer overflow. This can be exploited by a local attacker using the i386 set ldt system call, resulting in a denial of service (kernel panic).

Recommendations For FreeBSD version 9.3, update to p39 or later. For FreeBSD version 10.1, update to p31 or later. For FreeBSD version 10.2, update to p14 or later.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2016-01056

CVE-2016-1885

FREEBSD-SA-16_15

Affected Products

Freebsd

PT-2016-1730 · Freebsd · Freebsd

CVE-2016-1885

Weakness Enumeration

Related Identifiers

Affected Products

References · 14