FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- memory leak in sandboxed namei lookup

Affected packages
10.0 <= FreeBSD-kernel < 10.0_10
9.3 <= FreeBSD-kernel < 9.3_3
9.2 <= FreeBSD-kernel < 9.2_13
9.1 <= FreeBSD-kernel < 9.1_20

Details

VuXML ID 73964eac-6007-11e6-a6c3-14dae9d210b8
Discovery 2014-10-21
Entry 2016-08-11

Problem Description:

The namei facility will leak a small amount of kernel memory every time a sandboxed process looks up a nonexistent path name.

Impact:

A remote attacker that can cause a sandboxed process (for instance, a web server) to look up a large number of nonexistent path names can cause memory exhaustion.

References

CVE Name CVE-2014-3711
FreeBSD Advisory SA-14:22.namei