cnvd - cnvd-2020-38783

cnvd-2020-38783

Vulnerability from cnvd

Title

FreeBSD拒绝服务漏洞（CNVD-2020-38783）

Description

FreeBSD是由Core Team团队负责的FreeBSD项目中的一套类Unix自由操作系统，是经过BSD、386BSD和4.4BSD发展而来的类Unix的一个重要分支。 FreeBSD中存在安全漏洞，该漏洞源于ELF包头解析器没有充分地执行验证。攻击者可借助恶意的ELF二进制文件利用该漏洞造成内核崩溃或泄露内核内存。

Severity

中

Patch Name

FreeBSD拒绝服务漏洞（CNVD-2020-38783）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://security.freebsd.org/advisories/FreeBSD-SA-18:12.elf.asc

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-6924

Impacted products

Name
['FreeBSD FreeBSD <11.1-STABLE', 'FreeBSD FreeBSD <10.4-STABLE', 'Freebsd Freebsd <11.2-RELEASE-p3', 'Freebsd Freebsd <11.1-RELEASE-p14', 'Freebsd Freebsd <10.4-RELEASE-p12']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6924"
    }
  },
  "description": "FreeBSD\u662f\u7531Core Team\u56e2\u961f\u8d1f\u8d23\u7684FreeBSD\u9879\u76ee\u4e2d\u7684\u4e00\u5957\u7c7bUnix\u81ea\u7531\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662f\u7ecf\u8fc7BSD\u3001386BSD\u548c4.4BSD\u53d1\u5c55\u800c\u6765\u7684\u7c7bUnix\u7684\u4e00\u4e2a\u91cd\u8981\u5206\u652f\u3002\n\nFreeBSD\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eELF\u5305\u5934\u89e3\u6790\u5668\u6ca1\u6709\u5145\u5206\u5730\u6267\u884c\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684ELF\u4e8c\u8fdb\u5236\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5185\u6838\u5d29\u6e83\u6216\u6cc4\u9732\u5185\u6838\u5185\u5b58\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://security.freebsd.org/advisories/FreeBSD-SA-18:12.elf.asc",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-38783",
  "openTime": "2020-07-14",
  "patchDescription": "FreeBSD\u662f\u7531Core Team\u56e2\u961f\u8d1f\u8d23\u7684FreeBSD\u9879\u76ee\u4e2d\u7684\u4e00\u5957\u7c7bUnix\u81ea\u7531\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662f\u7ecf\u8fc7BSD\u3001386BSD\u548c4.4BSD\u53d1\u5c55\u800c\u6765\u7684\u7c7bUnix\u7684\u4e00\u4e2a\u91cd\u8981\u5206\u652f\u3002\r\n\r\nFreeBSD\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eELF\u5305\u5934\u89e3\u6790\u5668\u6ca1\u6709\u5145\u5206\u5730\u6267\u884c\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684ELF\u4e8c\u8fdb\u5236\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5185\u6838\u5d29\u6e83\u6216\u6cc4\u9732\u5185\u6838\u5185\u5b58\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "FreeBSD\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2020-38783\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "FreeBSD FreeBSD \u003c11.1-STABLE",
      "FreeBSD FreeBSD \u003c10.4-STABLE",
      "Freebsd Freebsd \u003c11.2-RELEASE-p3",
      "Freebsd Freebsd \u003c11.1-RELEASE-p14",
      "Freebsd Freebsd \u003c10.4-RELEASE-p12"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-6924",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-16",
  "title": "FreeBSD\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2020-38783\uff09"
}

CVE-2018-6924 (GCVE-0-2018-6924)

Vulnerability from cvelistv5

Published

2018-09-12 15:00

Modified

2024-09-16 19:30

Severity ?

CWE

Kernel memory disclosure

Summary

In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory.

References

URL

Tags

	http://www.securitytracker.com/id/1041646	vdb-entry, x_refsource_SECTRACK
	https://security.freebsd.org/advisories/FreeBSD-SA-18:12.elf.asc	vendor-advisory, x_refsource_FREEBSD