CVE-2018-17154
https://notcve.org/view.php?id=CVE-2018-17154
In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338987), 11.2-RELEASE-p4 y 11.1-RELEASE-p15, debido a una comprobación de memoria insuficiente en la llamada del sistema freebsd4_getfsstat, puede ocurrir una desreferencia de puntero NULL. Los usuarios autenticados no privilegiados podrían ser capaces de provocar una denegación de servicio (DoS). • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:10.syscall.asc • CWE-476: NULL Pointer Dereference •
CVE-2018-6925
https://notcve.org/view.php?id=CVE-2018-6925
In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985) y 10.4-RELEASE-p13, debido al mantenimiento indebido de las etiquetas de bloques de control del protocolo IPv6 mediante varias rutas de error, un usuario local autenticado sin privilegios podría provocar una desreferencia de puntero NULL que haga que el kernel se cierre inesperadamente. • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc https://www.flexera.com/company/secunia-research/advisories/SR-2018-21.html • CWE-476: NULL Pointer Dereference •
CVE-2018-6924
https://notcve.org/view.php?id=CVE-2018-6924
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory. En FreeBSD en versiones anteriores a la 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE y 10.4-RELEASE-p12, la validación insuficiente en el analizador de la cabecera ELF podría permitir que un binario ELF malicioso provoque el cierre inesperado del kernel o revele la memoria del kernel. • http://www.securitytracker.com/id/1041646 https://security.freebsd.org/advisories/FreeBSD-SA-18:12.elf.asc • CWE-20: Improper Input Validation •
CVE-2018-6923
https://notcve.org/view.php?id=CVE-2018-6923
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources. En FreeBSD en versiones anteriores a la 11.1-STABLE, 11.2-RELEASE-p2 y 11.1-RELEASE-p13, el código de reensamblado de fragmentos de ip es vulnerable a una denegación de servicio (DoS) debido al consumo excesivo de recursos del sistema. Este problema puede permitir que un atacante remoto que pueda enviar fragmentos de ip arbitrarios haga que la máquina consuma demasiados recursos. • http://www.securityfocus.com/bid/105336 http://www.securitytracker.com/id/1041505 https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-6922
https://notcve.org/view.php?id=CVE-2018-6922
One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost. Una de las estructuras de datos que contienen segmentos TCP en todas las versiones de FreeBSD anteriores a 11.2-RELEASE-p1, 11.1-RELEASE-p12 y 10.4-RELEASE-p10 emplea un algoritmo ineficiente para volver a ensamblar los datos. Esto provoca que el tiempo de CPU que se gasta en el procesamiento de segmentos crezca linealmente con el número de segmentos en la cola de reensamblado. • http://www.securityfocus.com/bid/105058 http://www.securitytracker.com/id/1041425 https://security.netapp.com/advisory/ntap-20180815-0002 https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html • CWE-400: Uncontrolled Resource Consumption •