FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- integer overflow in IP_MSFILTER

Affected packages
9.1 <= FreeBSD-kernel < 9.1_6
8.4 <= FreeBSD-kernel < 8.4_3
8.3 <= FreeBSD-kernel < 8.3_10

Details

VuXML ID 0844632f-5e78-11e6-a6c3-14dae9d210b8
Discovery 2013-08-22
Entry 2016-08-09

Problem Description:

An integer overflow in computing the size of a temporary buffer can result in a buffer which is too small for the requested operation.

Impact:

An unprivileged process can read or write pages of memory which belong to the kernel. These may lead to exposure of sensitive information or allow privilege escalation.

References

CVE Name CVE-2013-3077
FreeBSD Advisory SA-13:09.ip_multicast