Detections
Analytics

FreeBSD : FreeBSD -- Kernel stack disclosure in UFS/FFS (ff82610f-b309-11e9-a87f-a4badb2f4699)

medium Nessus Plugin ID 127558

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A bug causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding. This data can be viewed by any user with read access to the directory. Additionally, a malicious user with write access to a directory can cause up to 254 bytes of kernel stack memory to be exposed. Impact : Some amount of the kernel stack is disclosed and written out to the filesystem.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?731b62ea

Plugin Details

Severity: Medium

ID: 127558

File Name: freebsd_pkg_ff82610fb30911e9a87fa4badb2f4699.nasl

Version: 1.2

Type: local

Published: 8/12/2019

Updated: 1/6/2020

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 7/30/2019

Vulnerability Publication Date: 7/2/2019

Reference Information

CVE: CVE-2019-5601

FreeBSD: SA-19:10.ufs