[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2016-1885Date: (C)2016-04-28   (M)2023-12-22


Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.2CVSS Score : 4.9
Exploit Score: 2.5Exploit Score: 3.9
Impact Score: 3.6Impact Score: 6.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: COMPLETE
Integrity: NONE 
Availability: HIGH 
  
Reference:
SECTRACK-1035309
http://www.securityfocus.com/archive/1/537813/100/0/threaded
http://www.securityfocus.com/archive/1/537812/100/0/threaded
http://seclists.org/fulldisclosure/2016/Mar/67
EXPLOIT-DB-39570
FreeBSD-SA-16:15
http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.html
http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflow

CPE    1
cpe:/o:freebsd:freebsd:10.2
CWE    1
CWE-119

© SecPod Technologies