Vigil@nce - FreeBSD: memory corruption via ioctl
September 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a memory corruption via ioctl() on
FreeBSD, in order to cause a denial of service, and possibly to
execute code.
– Impacted products: FreeBSD, pfSense
– Severity: 2/4
– Creation date: 10/09/2013
DESCRIPTION OF THE VULNERABILITY
The ioctls SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR and
SIOCSIFNETMASK can be used to change the IPv4 configuration.
However, if they are used on an IPv6 or ATM interface, the kernel
does not check them. A local attacker can thus corrupt the network
interface configuration.
An attacker can therefore trigger a memory corruption via ioctl()
on FreeBSD, in order to cause a denial of service, and possibly
to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FreeBSD-memory-corruption-via-ioctl-13365