SB2020120118 - Multiple vulnerabilities in FreeBSD

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2020-25577)

The vulnerability allows an attacker to execute arbitrary code on the target system.

There are two vulnerabilities in rtsold(8) when processing RDNSS and DNSSL options. An  attacker with the ability to connect to a physical network can send specially crafted packets to the daemon, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Use-after-free (CVE-ID: CVE-2020-7469)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error when processing ICMPv6 error message. A remote attacker can send a specially crafted ICMPv6 message, trigger a use-after-free error and read contents of freed kernel memory.

Remediation

Install update from vendor's website.

References

• https://www.freebsd.org/security/advisories/FreeBSD-SA-20:32.rtsold.asc
• https://www.freebsd.org/security/advisories/FreeBSD-SA-20:31.icmp6.asc