FreeBSD : FreeBSD -- Insufficient validation of guest-supplied data (e1000 device) (499b22a3-f680-11e9-a87f-a4badb2f4699)

high Nessus Plugin ID 130243

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ('TSO'). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets.

When TCP segmentation offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to determine the size of the on-stack buffer without validation. The subsequent header generation could overflow an incorrectly sized buffer or indirect a pointer composed of stack garbage. Impact : A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?74f67c33

Plugin Details

Severity: High

ID: 130243

File Name: freebsd_pkg_499b22a3f68011e9a87fa4badb2f4699.nasl

Version: 1.3

Type: local

Published: 10/25/2019

Updated: 4/17/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2019-5609

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 10/24/2019

Vulnerability Publication Date: 8/6/2019

Reference Information

CVE: CVE-2019-5609

FreeBSD: SA-19:21.bhyve