CVE-2017-1000364 FreeBSD exposure?

Damien Fleuriot ml at my.gd
Wed Jul 5 10:28:06 UTC 2017


Thanks Fernando for the link, and Matthew for the clarification :)

On 5 July 2017 at 12:22, Matthew Seaman <matthew at freebsd.org> wrote:
> On 2017/07/05 10:55, Damien Fleuriot wrote:
>> I'm curious about the lack of announcement on the site in the
>> vulnerabilities section [1], about CVE-2017-1000364 [2] [3].
>>
>>
>> Does anyone know to what extent FreeBSD is affected?
>>
>> I'm trying to assess how critical it is that I patch our FreeBSD
>> 10-STABLE boxes at work.
>>
>>
>>
>> Hope a kind soul can spare 5 minutes of their precious time to shed
>> some light for me ;)
>
> The Security Team and a number of Kernel developers have examined the
> stack-clash exploit and how it would apply to FreeBSD, and have
> concluded that on FreeBSD it does not pose a vulnerability that would
> merit a security advisory.  While it is possible to write an application
> to generate a stack-clash relatively simply, according to Qualys' work,
> in order to be exploitable, this requires a particular type of
> vulnerability in a setuid or setgid application where a stack-clash can
> be generated.  As far as they could determine, no such combination could
> be found.
>
> Stack-clash is definitely a bug, and there is on-going work to tighten
> up the way stack and heap collisions are handled which has recently been
> committed to CURRENT and will be MFC'd to STABLE branches in the usual
> way.  There may well be an Errata Notification on the currently
> supported -RELEASE branches in order to address the widespread public
> concerns.  However, to the best of SecTeam's knowledge this is not a
> critical problem on FreeBSD.
>
> Of course, this does not preclude an exploit using some ported software
> -- if anyone is aware of any such exploit, please let SecTeam know as
> soon as possible.
>
>         Cheers,
>
>         Matthew
>
>

