CVE-2016-1885 - OpenCVE

Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:9.3:::::::*
	cpe:2.3:o:freebsd:freebsd:10.1:::::::*
	cpe:2.3:o:freebsd:freebsd:10.2:::::::*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.html
http://seclists.org/fulldisclosure/2016/Mar/56
http://seclists.org/fulldisclosure/2016/Mar/67
http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflow
http://www.securityfocus.com/archive/1/537812/100/0/threaded
http://www.securityfocus.com/archive/1/537813/100/0/threaded
http://www.securitytracker.com/id/1035309
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:15.sysarch.asc
https://www.exploit-db.com/exploits/39570/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-04-08T16:00:00

Updated: 2024-08-05T23:10:40.054Z

Reserved: 2016-01-13T00:00:00

Link: CVE-2016-1885

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-04-12T02:00:06.243

Modified: 2018-10-09T19:59:29.553

Link: CVE-2016-1885

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-16T00:00:00", "descriptions": [{"lang": "en", "value": "Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "39570", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/39570/"}, {"name": "FreeBSD-SA-16:15", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:15.sysarch.asc"}, {"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflow"}, {"name": "20160316 [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Mar/56"}, {"name": "20160317 Re: [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Mar/67"}, {"name": "1035309", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035309"}, {"name": "20160316 Re: [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/537813/100/0/threaded"}, {"name": "20160316 [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/537812/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1885", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "39570", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/39570/"}, {"name": "FreeBSD-SA-16:15", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:15.sysarch.asc"}, {"name": "http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflow", "refsource": "MISC", "url": "http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflow"}, {"name": "20160316 [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Mar/56"}, {"name": "20160317 Re: [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Mar/67"}, {"name": "1035309", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035309"}, {"name": "20160316 Re: [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537813/100/0/threaded"}, {"name": "20160316 [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537812/100/0/threaded"}, {"name": "http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:10:40.054Z"}, "title": "CVE Program Container", "references": [{"name": "39570", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/39570/"}, {"name": "FreeBSD-SA-16:15", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:15.sysarch.asc"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflow"}, {"name": "20160316 [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Mar/56"}, {"name": "20160317 Re: [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Mar/67"}, {"name": "1035309", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035309"}, {"name": "20160316 Re: [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/537813/100/0/threaded"}, {"name": "20160316 [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/537812/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1885", "datePublished": "2016-04-08T16:00:00", "dateReserved": "2016-01-13T00:00:00", "dateUpdated": "2024-08-05T23:10:40.054Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "57052F01-8695-4C63-A947-7671375B9312", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D63B21-9D2E-4B15-9E60-6181D44B1F55", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "21EFF723-7B5A-4712-8A6B-56CADAA4BFD5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow."}, {"lang": "es", "value": "Error de entero sin signo en la funci\u00f3n amd64_set_ldt en sys/amd64/amd64/sys_machdep.c en FreeBSD 9.3 en versiones anteriores a p39, 10.1 en versiones anteriores a p31 y 10.2 en versiones anteriores a p14 permite a usuarios locales provocar una denegaci\u00f3n de servicio (p\u00e1nico en el kernel) a trav\u00e9s de una llamada i386_set_ldt system, lo que desencadena un desbordamiento de buffer basado en memoria din\u00e1mica."}], "id": "CVE-2016-1885", "lastModified": "2018-10-09T19:59:29.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-12T02:00:06.243", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2016/Mar/56"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2016/Mar/67"}, {"source": "cve@mitre.org", "url": "http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflow"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/537812/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/537813/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035309"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:15.sysarch.asc"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.exploit-db.com/exploits/39570/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}