FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Memory disclosure vulnerability in libalias

Affected packages
12.1 <= FreeBSD-kernel < 12.1_5
11.4 <= FreeBSD-kernel < 11.4_1
11.3 <= FreeBSD-kernel < 11.3_9

Details

VuXML ID 78992249-947c-11ea-92ab-00163e433440
Discovery 2020-05-12
Entry 2020-05-12

Problem Description:

The FTP packet handler in libalias incorrectly calculates some packet lengths. This may result in disclosing small amounts of memory from the kernel (for the in-kernel NAT implementation) or from the process space for natd (for the userspace implementation).

Impact:

An attacker could send specially constructed packets that exploit the erroneous calculation, allowing the attacker to disclose small amounts of memory either from the kernel (for the in-kernel NAT implementation) or from the process space for natd (for the userspace implementation).

References

CVE Name CVE-2020-7455
FreeBSD Advisory SA-20:13.libalias