FreeBSD : FreeBSD -- dhclient heap overflow (762b7d4a-ec19-11ea-88f8-901b0ef719ab)

high Nessus Plugin ID 140236

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

When parsing option 119 data, dhclient(8) computes the uncompressed domain list length so that it can allocate an appropriately sized buffer to store the uncompressed list. The code to compute the length failed to handle certain malformed input, resulting in a heap overflow when the uncompressed list is copied into in inadequately sized buffer. Impact : The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. However, it is possible the bug could be combined with other vulnerabilities to escape the sandbox.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?9dfa738b

Plugin Details

Severity: High

ID: 140236

File Name: freebsd_pkg_762b7d4aec1911ea88f8901b0ef719ab.nasl

Version: 1.3

Type: local

Published: 9/4/2020

Updated: 4/6/2021

Configuration: Enable paranoid mode

Risk Information

CVSS Score Source: CVE-2020-7461

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:FreeBSD, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 9/2/2020

Vulnerability Publication Date: 9/2/2020

Reference Information

CVE: CVE-2020-7461

FreeBSD: SA-20:26.dhclient