FreeBSD : FreeBSD -- Insufficient credential checks in network ioctl(2) (4d87d357-202c-11e3-be06-000c29ee3065)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Problem Description :

As is commonly the case, the IPv6 and ATM network layer ioctl request
handlers are written in such a way that an unrecognized request is
passed on unmodified to the link layer, which will either handle it or
return an error code.

Network interface drivers, however, assume that the SIOCSIFADDR,
SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been
handled at the network layer, and therefore do not perform input
validation or verify the caller's credentials. Typical link-layer
actions for these requests may include marking the interface as 'up'
and resetting the underlying hardware.

Impact :

An unprivileged user with the ability to run arbitrary code can cause
any network interface in the system to perform the link layer actions
associated with a SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR or
SIOCSIFNETMASK ioctl request; or trigger a kernel panic by passing a
specially crafted address structure which causes a network interface
driver to dereference an invalid pointer.

Although this has not been confirmed, the possibility that an attacker
may be able to execute arbitrary code in kernel context can not be
ruled out.

See also :

http://www.nessus.org/u?b2fe6d00

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 70261 ()

Bugtraq ID: 62302

CVE ID: CVE-2013-5691

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now