FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Remote code execution in ggatec(8)

Affected packages
13.0 <= FreeBSD < 13.0_4
12.2 <= FreeBSD < 12.2_10
11.4 <= FreeBSD < 11.4_13

Details

VuXML ID 3e9d2fde-0567-11ec-b69d-4062311215d5
Discovery 2021-08-24
Entry 2021-08-25

Problem Description:

The ggatec(8) daemon does not validate the size of a response before writing it to a fixed-size buffer. This allows the stack of ggatec(8) to be overwritten.
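The kind of size check the description says is missing, as an added example: this is not the ggatec(8) source or the FreeBSD patch. The header layout, buffer size, in-memory `stream` type and function names are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RESP_BUF_SIZE 64 /* fixed-size destination; the value is an assumption */

/* Hypothetical wire header, not the real ggate protocol layout. */
struct resp_hdr { uint32_t length; /* payload size claimed by the peer */ };

/* Constructed in-memory "connection" so the example runs offline. */
struct stream { const uint8_t *data; size_t len, off; };

static int stream_read(struct stream *s, void *dst, size_t n)
{
    if (n > s->len - s->off)
        return -1; /* peer sent fewer bytes than requested */
    memcpy(dst, s->data + s->off, n);
    s->off += n;
    return 0;
}

/* Returns the payload length, -1 on a short read, -2 on an oversized claim. */
int recv_response(struct stream *s, uint8_t *buf, size_t bufsize)
{
    struct resp_hdr hdr;

    if (stream_read(s, &hdr, sizeof(hdr)) != 0)
        return -1;
    /* Validate the peer-supplied size against the destination before
     * copying; omitting this comparison is the bug class described above. */
    if (hdr.length > bufsize)
        return -2;
    if (stream_read(s, buf, hdr.length) != 0)
        return -1;
    return (int)hdr.length;
}

int main(void)
{
    uint8_t msg[sizeof(struct resp_hdr) + 128] = {0}; /* constructed input */
    uint32_t claimed = 128; /* larger than RESP_BUF_SIZE */
    uint8_t buf[RESP_BUF_SIZE];
    struct stream s = { msg, sizeof(msg), 0 };

    memcpy(msg, &claimed, sizeof(claimed));
    printf("oversized response -> %d\n", recv_response(&s, buf, sizeof(buf)));
    return 0;
}
```

The oversized response is rejected after the header is read and before any payload byte reaches the buffer, so the connection can be dropped without touching the stack.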

Impact:

A malicious ggated(8) or an attacker in a privileged network position can overwrite the stack with crafted content and potentially execute arbitrary code.

References

CVE Name CVE-2021-29630
FreeBSD Advisory SA-21:14.ggatec