FreeBSD 'mount(2)' and 'nmount(2)' Multiple Stack Buffer Overflow Vulnerabilities
BID:31002
Info
FreeBSD 'mount(2)' and 'nmount(2)' Multiple Stack Buffer Overflow Vulnerabilities
| Bugtraq ID: | 31002 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2008-3531 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 03 2008 12:00AM |
| Updated: | Aug 21 2009 03:54PM |
| Credit: | James Gritton |
| Vulnerable: |
FreeBSD FreeBSD 7.0-STABLE FreeBSD FreeBSD 7.0-RELEASE |
| Not Vulnerable: | |
Discussion
FreeBSD 'mount(2)' and 'nmount(2)' Multiple Stack Buffer Overflow Vulnerabilities
FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data.
A local attacker can exploit these issues to execute arbitrary code with kernel-level privileges. Successfully exploiting these issues will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.
FreeBSD 7.0-RELEASE and 7.0-STABLE are vulnerable.
FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data.
A local attacker can exploit these issues to execute arbitrary code with kernel-level privileges. Successfully exploiting these issues will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.
FreeBSD 7.0-RELEASE and 7.0-STABLE are vulnerable.
Exploit / POC
FreeBSD 'mount(2)' and 'nmount(2)' Multiple Stack Buffer Overflow Vulnerabilities
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Exploit code is available.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Exploit code is available.
Solution / Fix
FreeBSD 'mount(2)' and 'nmount(2)' Multiple Stack Buffer Overflow Vulnerabilities
Solution:
Fixes are available. Please see the references for more information.
FreeBSD FreeBSD 7.0-RELEASE
FreeBSD FreeBSD 7.0-STABLE
Solution:
Fixes are available. Please see the references for more information.
FreeBSD FreeBSD 7.0-RELEASE
-
FreeBSD nmount.patch
http://security.FreeBSD.org/patches/SA-08:08/nmount.patch
FreeBSD FreeBSD 7.0-STABLE
-
FreeBSD nmount.patch
http://security.FreeBSD.org/patches/SA-08:08/nmount.patch
References
FreeBSD 'mount(2)' and 'nmount(2)' Multiple Stack Buffer Overflow Vulnerabilities
References:
References:
- FreeBSD Homepage (FreeBSD)
- FreeBSD Security Advisory FreeBSD-SA-08:08.nmount (FreeBSD Security Advisories