CVE-2017-1000364 FreeBSD exposure ?

Matthew Seaman matthew at
Wed Jul 5 10:22:33 UTC 2017

On 2017/07/05 10:55, Damien Fleuriot wrote:
> I'm curious about the lack of announcement on the site in the
> vulnerabilities section [1], about CVE-2017-1000364 [2] [3].
> Does anyone know to what extent FreeBSD is affected ?
> I'm trying to assess how critical it is that I patch our FreeBSD
> 10-STABLE boxes at work.
> Hope a kind soul can spare 5 minutes of their precious time to shed
> some light for me ;)

The Security Team and a number of Kernel developers have examined the
stack-clash exploit and how it would apply to FreeBSD, and have
concluded that on FreeBSD it does not pose a vulnerability that would
merit a security advisory.  While it is possible to write an application
to generate a stack-clash relatively simply, according to Qualys' work,
in order to be exploitable, this requires a particular type of
vulnerability in a setuid or setgid application where a stack-clash can
be generated.  As far as they could determine, no such combination could
be found.

Stack-clash is definitely a bug, and there is on-going work to tighten
up the way stack and heap collisions are handled which has recently been
committed to CURRENT and will be MFC'd to STABLE branches in the usual
way.  There may well be an Errata Notification on the currently
supported -RELEASE branches in order to address the widespread public
concerns.  However, to the best of SecTeam's knowledge this is not a
critical problem on FreeBSD.

Of course, this does not preclude an exploit using some ported software
-- if anyone is aware of any such exploit, please let SecTeam know as
soon as possible.


