CVE-2018-17155
https://notcve.org/view.php?id=CVE-2018-17155
In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data. En FreeBSD, en versiones anteriores a 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984) y 10.4-RELEASE-p13, debido a la insuficiente inicialización de la memoria copiada al espacio de usuario en las llamadas del sistema getcontext y swapcontext, podrían divulgarse pequeñas cantidades de memoria del kernel al proceso del espacio de usuario. Los usuarios locales autenticados sin privilegios podrían ser capaces de acceder pequeñas cantidades de datos privilegiados del kernel. • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-17154
https://notcve.org/view.php?id=CVE-2018-17154
In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338987), 11.2-RELEASE-p4 y 11.1-RELEASE-p15, debido a una comprobación de memoria insuficiente en la llamada del sistema freebsd4_getfsstat, puede ocurrir una desreferencia de puntero NULL. Los usuarios autenticados no privilegiados podrían ser capaces de provocar una denegación de servicio (DoS). • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:10.syscall.asc • CWE-476: NULL Pointer Dereference •
CVE-2018-6925
https://notcve.org/view.php?id=CVE-2018-6925
In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985) y 10.4-RELEASE-p13, debido al mantenimiento indebido de las etiquetas de bloques de control del protocolo IPv6 mediante varias rutas de error, un usuario local autenticado sin privilegios podría provocar una desreferencia de puntero NULL que haga que el kernel se cierre inesperadamente. • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc https://www.flexera.com/company/secunia-research/advisories/SR-2018-21.html • CWE-476: NULL Pointer Dereference •
CVE-2018-6923
https://notcve.org/view.php?id=CVE-2018-6923
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources. En FreeBSD en versiones anteriores a la 11.1-STABLE, 11.2-RELEASE-p2 y 11.1-RELEASE-p13, el código de reensamblado de fragmentos de ip es vulnerable a una denegación de servicio (DoS) debido al consumo excesivo de recursos del sistema. Este problema puede permitir que un atacante remoto que pueda enviar fragmentos de ip arbitrarios haga que la máquina consuma demasiados recursos. • http://www.securityfocus.com/bid/105336 http://www.securitytracker.com/id/1041505 https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc • CWE-400: Uncontrolled Resource Consumption •
CVE-2016-6559 – The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow
https://notcve.org/view.php?id=CVE-2016-6559
Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37. • http://www.securitytracker.com/id/1037398 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc https://www.kb.cert.org/vuls/id/548487 https://www.securityfocus.com/bid/94694 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •