FreeBSD : FreeBSD -- Insufficient credential checks in network ioctl(2) (4d87d357-202c-11e3-be06-000c29ee3065)

medium Nessus Plugin ID 70261

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Problem Description :

As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code.

Network interface drivers, however, assume that the SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been handled at the network layer, and therefore do not perform input validation or verify the caller's credentials. Typical link-layer actions for these requests may include marking the interface as 'up' and resetting the underlying hardware.

Impact :

An unprivileged user with the ability to run arbitrary code can cause any network interface in the system to perform the link layer actions associated with a SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR or SIOCSIFNETMASK ioctl request; or trigger a kernel panic by passing a specially crafted address structure which causes a network interface driver to dereference an invalid pointer.

Although this has not been confirmed, the possibility that an attacker may be able to execute arbitrary code in kernel context cannot be ruled out.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?936679e3

Plugin Details

Severity: Medium

ID: 70261

File Name: freebsd_pkg_4d87d357202c11e3be06000c29ee3065.nasl

Version: 1.8

Type: local

Published: 10/2/2013

Updated: 1/6/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 9/19/2013

Vulnerability Publication Date: 9/10/2013

Reference Information

CVE: CVE-2013-5691

BID: 62302

FreeBSD: SA-13:12.ifioctl