Multiple vulnerabilities in FreeBSD

Published: 2019-08-21 | Updated: 2019-08-21




Severity: Medium
Patch available: YES
Number of vulnerabilities: 5
CVE ID: CVE-2019-5611, CVE-2019-5612, CVE-2019-5603
CWE ID: CWE-20, CWE-399, CWE-125, CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: FreeBSD
Vendor: FreeBSD Foundation

Security Advisory



1) Input validation error


Severity: Medium


CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C] [PCI]


CVE-ID: N/A


CWE-ID: CWE-20 - Improper Input Validation


Description

The vulnerability allows a remote attacker to bypass certain security restrictions.


The vulnerability exists due to an incompatibility with firewall rules created with older versions of the ipfw(8) utility that support the jail keyword. As a result, rules with the jail keyword are not applied, leading to potential unauthorized access to the services protected by those firewall rules.


Mitigation

Install updates from the vendor's website.


Vulnerable software versions

FreeBSD: 11.3


External links

https://www.freebsd.org/security/advisories/FreeBSD-EN-19:17.ipfw.asc


Q & A


Can this vulnerability be exploited remotely?


Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

