FreeBSD : FreeBSD -- bhyve - privilege escalation vulnerability (a479a725-9adb-11e6-a298-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

An unchecked array reference in the VGA device emulation code could
potentially allow guests access to the heap of the bhyve process.
Since the bhyve process is running as root, this may allow guests to
obtain full control of the hosts they are running on.

Impact : For bhyve virtual machines with the 'fbuf' framebuffer device
configured, if exploited, a malicious guest could obtain full access to
not just the host system, but to other virtual machines running on the
system.

See also :

http://www.nessus.org/u?9057c948

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 94263

Bugtraq ID:

CVE ID:
