Remote DoS vulnerability in the FreeBSD IPv6 stack

A vulnerability (CVE-2019-5611) has been fixed in FreeBSD that allowed a remote attacker to crash the kernel (a "packet of death") by sending specially fragmented ICMPv6 MLD (Multicast Listener Discovery) packets. The problem stems from a missing check in the m_pulldown() call: it could return a non-contiguous mbuf chain, contrary to the caller's expectation that the requested bytes are contiguous.

The vulnerability is fixed in the updates 12.0-RELEASE-p10, 11.3-RELEASE-p3 and 11.2-RELEASE-p14. As a workaround, you can disable IPv6 fragmentation support or filter packets carrying options in the Hop-by-Hop (HBH) extension header on the firewall. Interestingly, the bug leading to the vulnerability was identified back in 2006 and fixed in OpenBSD, NetBSD and macOS, but remained unpatched in FreeBSD, even though the FreeBSD developers had been notified of the problem.
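To make the m_pulldown() contract concrete, here is a small userland model, added as an example and not code from FreeBSD or the advisory. The struct, the buffer size MODEL_CLBYTES (a stand-in for the kernel's MCLBYTES) and the functions model_pulldown(), pulldown_contiguous() and fetch_record() are all assumptions of the model; it does not reproduce the exact FreeBSD code path, only the hazard the article describes: a caller asks for len bytes starting at off, the chain is fragmented into small mbufs, and if the bytes cannot be made contiguous the caller must not treat n->m_data + off as a flat len-byte record.

```c
/*
 * Userland model of the m_pulldown() contract (added example, not FreeBSD code).
 * Assumptions: MODEL_CLBYTES stands in for MCLBYTES, and the model can only
 * coalesce a region that fits in one buffer; everything else is split.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_CLBYTES 16

struct mbuf {
    struct mbuf *m_next;
    int m_len;
    unsigned char m_data[MODEL_CLBYTES];
};

/* Build a chain from a flat byte buffer, seglen bytes per mbuf ("fragmented" input). */
static struct mbuf *chain_from_bytes(const unsigned char *buf, int total, int seglen)
{
    struct mbuf *head = NULL, **tailp = &head;
    for (int pos = 0; pos < total; pos += seglen) {
        struct mbuf *m = calloc(1, sizeof *m);
        if (m == NULL) abort();
        m->m_len = (total - pos < seglen) ? total - pos : seglen;
        memcpy(m->m_data, buf + pos, (size_t)m->m_len);
        *tailp = m;
        tailp = &m->m_next;
    }
    return head;
}

static void chain_free(struct mbuf *m)
{
    while (m != NULL) { struct mbuf *n = m->m_next; free(m); m = n; }
}

/*
 * Model of m_pulldown(m, off, len, &offp): return the mbuf holding byte 'off'
 * of the chain, with *offp set to its offset inside that mbuf, after pulling
 * bytes forward from following mbufs so that the next 'len' bytes become
 * contiguous. If they do not fit in one buffer the region stays split, and
 * the returned mbuf holds fewer than 'len' bytes past *offp.
 */
static struct mbuf *model_pulldown(struct mbuf *m, int off, int len, int *offp)
{
    struct mbuf *n = m;
    while (n != NULL && off >= n->m_len) { off -= n->m_len; n = n->m_next; }
    if (n == NULL) return NULL;                     /* off is beyond the chain */
    while (n->m_len - off < len && n->m_next != NULL && n->m_len < MODEL_CLBYTES) {
        struct mbuf *next = n->m_next;
        int room = MODEL_CLBYTES - n->m_len;
        int take = next->m_len < room ? next->m_len : room;
        memcpy(n->m_data + n->m_len, next->m_data, (size_t)take);
        n->m_len += take;
        memmove(next->m_data, next->m_data + take, (size_t)(next->m_len - take));
        next->m_len -= take;
        if (next->m_len == 0) { n->m_next = next->m_next; free(next); }
    }
    *offp = off;
    return n;
}

/* The check a caller needs before treating the returned bytes as one flat record. */
static int pulldown_contiguous(const struct mbuf *n, int off, int len)
{
    return n != NULL && n->m_len - off >= len;
}

/*
 * Copy the len-byte record at chain offset off into out. Returns 0 on success,
 * -1 if the chain is too short or the region could not be made contiguous.
 * Skipping the check and reading n->m_data + off for len bytes would run past
 * m_len into memory the record does not own, which is the bug class here.
 */
static int fetch_record(struct mbuf *m, int off, int len, unsigned char *out)
{
    int noff;
    struct mbuf *n = model_pulldown(m, off, len, &noff);
    if (!pulldown_contiguous(n, noff, len))
        return -1;
    memcpy(out, n->m_data + noff, (size_t)len);
    return 0;
}

/* Demo on a constructed 40-byte payload split into 8-byte mbufs. Returns fetch_record's
 * result, or -2 if the copied bytes do not match the original payload. */
static int demo(int off, int len)
{
    unsigned char payload[40], out[40];
    for (int i = 0; i < 40; i++) payload[i] = (unsigned char)i;
    struct mbuf *m = chain_from_bytes(payload, 40, 8);
    int rc = fetch_record(m, off, len, out);
    if (rc == 0 && memcmp(out, payload + off, (size_t)len) != 0) rc = -2;
    chain_free(m);
    return rc;
}

int main(void)
{
    printf("12 bytes at 4 (fits one buffer):  %d\n", demo(4, 12));
    printf("20 bytes at 0 (exceeds buffer):   %d\n", demo(0, 20));
    printf("4 bytes at 38 (chain too short):  %d\n", demo(38, 4));
    return 0;
}
```

The contiguity test is the whole point: a request that fits within one buffer succeeds, a request larger than the buffer is refused rather than silently served from a split chain, and a request past the end of the chain is refused too. In a real stack the equivalent of fetch_record() runs on attacker-controlled packet data, so the refusal path is what turns a remote crash into a dropped packet.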

Two more vulnerabilities were also fixed in FreeBSD:

  • CVE-2019-5603: a reference counter overflow on mqueuefs data structures when 32-bit libraries are used in a 64-bit environment (32-bit compat). The problem only manifests when mqueuefs is enabled (it is not active by default) and can lead to access to files, directories and sockets opened by processes owned by other users, or give access to files outside a jail from inside it. If the user has root inside the jail, the vulnerability allows obtaining root on the host.
  • CVE-2019-5612: a race condition in multi-threaded access to the /dev/midistat device can lead to reading kernel memory outside the bounds of the buffer allocated for midistat. On 32-bit systems an exploitation attempt causes a kernel crash; on 64-bit systems it allows the contents of arbitrary areas of kernel memory to be disclosed.

Source: opennet.ru