CVE-2018-6920
https://notcve.org/view.php?id=CVE-2018-6920
In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. En FreeBSD, en versiones anteriores a la 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321) y 10.4-RELEASE-p9, debido a la insuficiente inicialización de la memoria copiada en userland en el subsistema de Linux y el controlador inalámbrico de Atheros, pequeñas cantidades de la memoria del kernel pueden divulgarse a los procesos de userland. Los usuarios locales sin privilegios autenticados podrían ser capaces de acceder a pequeñas cantidades de datos privilegiados del kernel. • http://www.securityfocus.com/bid/104114 https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-6917
https://notcve.org/view.php?id=CVE-2018-6917
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data. En FreeBSD, en versiones anteriores a 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 y 10.3-RELEASE-p28, la validación insuficiente de parámetros de fuente proporcionados por el usuario pueden resultar en un desbordamiento de enteros que conduce al uso de memoria arbitraria del kernel como datos glyph. Los usuarios sin privilegios podrían ser capaces de acceder a datos privilegiados del kernel. • http://www.securityfocus.com/bid/103668 http://www.securitytracker.com/id/1040629 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:04.vt.asc • CWE-190: Integer Overflow or Wraparound •
CVE-2018-6918
https://notcve.org/view.php?id=CVE-2018-6918
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash. En FreeBSD, en versiones anteriores a 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 y 10.3-RELEASE-p28, el campo length de la cabecera de opción ipsec no cuenta el tamaño de la propia cabecera de opción. Esto provoca un bucle infinito cuando la longitud es cero. Este problema puede permitir que un atacante remoto que pueda enviar un paquete arbitrario haga que la máquina se cierre inesperadamente. • http://seclists.org/fulldisclosure/2019/Jun/6 http://www.securityfocus.com/bid/103666 http://www.securitytracker.com/id/1040628 https://seclists.org/bugtraq/2019/May/77 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc https://support.apple.com/kb/HT210090 https://support.apple.com/kb/HT210091 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2018-6919
https://notcve.org/view.php?id=CVE-2018-6919
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data. En FreeBSD, en versiones anteriores a 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 y 10.3-RELEASE-p28, debido a la insuficiente inicialización de la memoria copiada al espacio de usuario. Los usuarios sin privilegios podrían ser capaces de acceder pequeñas cantidades de datos privilegiados del kernel. • http://www.securityfocus.com/bid/103760 https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-13078 – wpa_supplicant: Reinstallation of the group key in the 4-way handshake
https://notcve.org/view.php?id=CVE-2017-13078
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave temporal GTK (Group Temporal Key) durante la negociación en cuatro pasos, haciendo que un atacante en el rango de radio reproduzca frames desde los puntos de acceso hasta los clientes. A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake. • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt http://www.debian.org/security/2017/dsa-3999 http://www.kb.cert.org/vuls/id/228519 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-a • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •