FreeBSD : FreeBSD -- Incorrect argument validation in sysarch(2) (7b6a11b5-600a-11e6-a6c3-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A special combination of sysarch(2) arguments specifies a request to
uninstall a set of descriptors from the LDT. The start descriptor is
cleared and the number of descriptors is provided. Due to a lack of
sufficient bounds checking during argument validity verification,
unbounded zeroing of the process LDT and adjacent memory can be
initiated from usermode.

Impact : This vulnerability could cause the kernel to panic. In
addition, unprivileged processes can perform a local Denial of Service
against the system.

See also :

http://www.nessus.org/u?5a8ff16b

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92922

Bugtraq ID:

CVE ID: CVE-2016-1885
