Vulnerability-Lookup

CNVD-2018-25187

Vulnerability from cnvd - Published: 2018-12-12

Title

FreeBSD代码执行漏洞

Description

FreeBSD是由Core Team团队负责的FreeBSD项目中的一套类Unix自由操作系统，是经过BSD、386BSD和4.4BSD发展而来的类Unix的一个重要分支。 FreeBSD 11.2-STABLE(r341486)之前版本和11.2-RELEASE-p6之前版本中存在安全漏洞。攻击者可利用该漏洞造成bhyve进程崩溃或以root权限在主机上执行任意代码。

Severity

高

Patch Name

FreeBSD代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-17160

Impacted products

Name
['FreeBSD FreeBSD <11.2-STABLE(r341486)', 'FreeBSD FreeBSD <11.2-RELEASE-p6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-17160"
    }
  },
  "description": "FreeBSD\u662f\u7531Core Team\u56e2\u961f\u8d1f\u8d23\u7684FreeBSD\u9879\u76ee\u4e2d\u7684\u4e00\u5957\u7c7bUnix\u81ea\u7531\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662f\u7ecf\u8fc7BSD\u3001386BSD\u548c4.4BSD\u53d1\u5c55\u800c\u6765\u7684\u7c7bUnix\u7684\u4e00\u4e2a\u91cd\u8981\u5206\u652f\u3002\n\nFreeBSD 11.2-STABLE(r341486)\u4e4b\u524d\u7248\u672c\u548c11.2-RELEASE-p6\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210bhyve\u8fdb\u7a0b\u5d29\u6e83\u6216\u4ee5root\u6743\u9650\u5728\u4e3b\u673a\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Reno Robert",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-25187",
  "openTime": "2018-12-12",
  "patchDescription": "FreeBSD\u662f\u7531Core Team\u56e2\u961f\u8d1f\u8d23\u7684FreeBSD\u9879\u76ee\u4e2d\u7684\u4e00\u5957\u7c7bUnix\u81ea\u7531\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662f\u7ecf\u8fc7BSD\u3001386BSD\u548c4.4BSD\u53d1\u5c55\u800c\u6765\u7684\u7c7bUnix\u7684\u4e00\u4e2a\u91cd\u8981\u5206\u652f\u3002\r\n\r\nFreeBSD 11.2-STABLE(r341486)\u4e4b\u524d\u7248\u672c\u548c11.2-RELEASE-p6\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210bhyve\u8fdb\u7a0b\u5d29\u6e83\u6216\u4ee5root\u6743\u9650\u5728\u4e3b\u673a\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "FreeBSD\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "FreeBSD FreeBSD \u003c11.2-STABLE(r341486)",
      "FreeBSD FreeBSD \u003c11.2-RELEASE-p6"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-17160",
  "serverity": "\u9ad8",
  "submitTime": "2018-12-05",
  "title": "FreeBSD\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2018-17160 (GCVE-0-2018-17160)

Vulnerability from cvelistv5 – Published: 2018-12-04 21:00 – Updated: 2024-08-05 10:39

Summary

In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.

Severity

No CVSS data available.

CWE

Insufficient bounds checking

Assigner

freebsd

References

2 references

URL	Tags
https://security.freebsd.org/advisories/FreeBSD-S…	vendor-advisoryx_refsource_FREEBSD
http://www.securityfocus.com/bid/106210	vdb-entryx_refsource_BID

Impacted products

1 product

Vendor	Product	Version
FreeBSD	FreeBSD	Affected: FreeBSD 11.2 before 11.2-RELEASE-p6

Date Public

2018-12-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:39:59.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FreeBSD-SA-18:14",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc"
          },
          {
            "name": "106210",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106210"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "status": "affected",
              "version": "FreeBSD 11.2 before 11.2-RELEASE-p6"
            }
          ]
        }
      ],
      "datePublic": "2018-12-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient bounds checking",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-15T10:57:01.000Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "name": "FreeBSD-SA-18:14",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc"
        },
        {
          "name": "106210",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106210"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secteam@freebsd.org",
          "ID": "CVE-2018-17160",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FreeBSD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FreeBSD 11.2 before 11.2-RELEASE-p6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FreeBSD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient bounds checking"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FreeBSD-SA-18:14",
              "refsource": "FREEBSD",
              "url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc"
            },
            {
              "name": "106210",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106210"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2018-17160",
    "datePublished": "2018-12-04T21:00:00.000Z",
    "dateReserved": "2018-09-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:39:59.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-25187

CVE-2018-17160 (GCVE-0-2018-17160)

Tags

Sightings

Nomenclature