Date: Thu, 3 Sep 2020 01:00:50 +0000 (UTC) From: Philip Paeps <philip@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r547401 - head/security/vuxml Message-ID: <202009030100.08310omi055095@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: philip Date: Thu Sep 3 01:00:50 2020 New Revision: 547401 URL: https://svnweb.freebsd.org/changeset/ports/547401 Log: security/vuxml: add FreeBSD SA-20:26.dhclient Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Sep 3 01:00:45 2020 (r547400) +++ head/security/vuxml/vuln.xml Thu Sep 3 01:00:50 2020 (r547401) @@ -58,6 +58,42 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="762b7d4a-ec19-11ea-88f8-901b0ef719ab"> + <topic>FreeBSD -- dhclient heap overflow</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>12.1</ge><lt>12.1_9</lt></range> + <range><ge>11.4</ge><lt>11.4_3</lt></range> + <range><ge>11.3</ge><lt>11.3_13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>When parsing option 119 data, dhclient(8) computes the uncompressed domain + list length so that it can allocate an appropriately sized buffer to store + the uncompressed list. The code to compute the length failed to handle + certain malformed input, resulting in a heap overflow when the uncompressed + list is copied into in inadequately sized buffer.</p> + <h1>Impact:</h1> + <p>The heap overflow could in principle be exploited to achieve remote code + execution. The affected process runs with reduced privileges in a Capsicum + sandbox, limiting the immediate impact of an exploit. However, it is + possible the bug could be combined with other vulnerabilities to escape the + sandbox.</p> + </body> + </description> + <references> + <cvename>CVE-2020-7461</cvename> + <freebsdsa>SA-20:26.dhclient</freebsdsa> + </references> + <dates> + <discovery>2020-09-02</discovery> + <entry>2020-09-02</entry> + </dates> + </vuln> + <vuln vid="77b877aa-ec18-11ea-88f8-901b0ef719ab"> <topic>FreeBSD -- SCTP socket use-after-free bug</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009030100.08310omi055095>