CVE-2019-5596

EPSS 1.2%

In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.

Affected products

FreeBSD · FreeBSD

public PoCs found — 4

githubgithub.com/raymontag/CVE-2019-5596★ 1 cve_referencepacketstormsecurity.com/files/155790/FreeBSD-fd-Privilege-Escalation.htmlunverified exploitdbwww.exploit-db.com/exploits/47081unverified exploitdbwww.exploit-db.com/exploits/47829unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/155790/FreeBSD-fd-Privilege-Escalation.html https://security.FreeBSD.org/advisories/FreeBSD-SA-19:02.fd.asc