FreeBSD 10.3 / 10.4 / 11.0 / 11.1 : ptrace / kldstat Information Disclosure Vulnerabilities (FreeBSD-SA-17:08.ptrace) (FreeBSD-SA-17:10.kldstat)

medium Nessus Plugin ID 104970

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The version of the FreeBSD kernel running on the remote host is prior to 10.3-RELEASE-p24, 10.4 prior to 10.4-RELEASE-p3, 11.0 prior to 11.0-RELEASE-p15, or 11.1 prior to 11.1-RELEASE-p4. It is, therefore, affected by a potential information disclosure vulnerabilities in ptrace and kldstat. An authenticated, remote attacker can exploit this issue by creating new ptrace_lwpinfo or kld_file_stat structs, which may potentially contain unsanitized information from the kernel.

Solution

Upgrade to the appropriate FreeBSD version.

See Also

http://www.nessus.org/u?5cbf9347

http://www.nessus.org/u?3255f141

Plugin Details

Severity: Medium

ID: 104970

File Name: freebsd_sa-17-08_ptrace_10_kldstat.nasl

Version: 1.8

Type: local

Published: 12/1/2017

Updated: 9/17/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-1088

CVSS v3

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release

Exploit Ease: No known exploits are available

Patch Publication Date: 11/15/2017

Vulnerability Publication Date: 11/15/2017

Reference Information

CVE: CVE-2017-1086, CVE-2017-1088

BID: 101857, 101861