FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Improper ELF header parsing

Affected packages
11.2	<=	FreeBSD-kernel	<	11.2_3
11.1	<=	FreeBSD-kernel	<	11.1_14
10.4	<=	FreeBSD-kernel	<	10.4_12

Details

VuXML ID	a67c122a-b693-11e8-ac58-a4badb2f4699
Discovery	2018-09-12
Entry	2018-09-12

Problem Description:

Insufficient validation was performed in the ELF header parser, and malformed or otherwise invalid ELF binaries were not rejected as they should be.

Impact:

Execution of a malicious ELF binary may result in a kernel crash or may disclose kernel memory.

References

CVE Name	CVE-2018-6924
FreeBSD Advisory	SA-18:12.elf

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.