CVE-2016-1885
CVE-2016-1885
Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.htmlunverifiedcve_referencewww.exploit-db.com/exploits/39570/unverifiedexploitdbwww.exploit-db.com/exploits/39570unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.htmlhttp://seclists.org/fulldisclosure/2016/Mar/56http://seclists.org/fulldisclosure/2016/Mar/67https://security.FreeBSD.org/advisories/FreeBSD-SA-16:15.sysarch.aschttps://www.exploit-db.com/exploits/39570/http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflowhttp://www.securityfocus.com/archive/1/537812/100/0/threadedhttp://www.securityfocus.com/archive/1/537813/100/0/threadedhttp://www.securitytracker.com/id/1035309