On FreeBSD six vulnerabilities that allow you to carry out a DoS attack, leave the jail environment, or gain access to kernel data. The problems were fixed in updates 12.1-RELEASE-p3 and 11.3-RELEASE-p7.
- — due to an error in the implementation of epair virtual network interfaces, a user with PRIV_NET_IFCREATE or root rights from an isolated jail environment can cause the kernel to crash or execute their code with kernel rights.
- — no check for string termination with a null character when processing the “osrelease” option through the jail_set system call, allows you to obtain the contents of adjacent kernel memory structures when the jail environment administrator makes a jail_get call, if support for launching nested jail environments is enabled through the children.max parameter ( By default, the creation of nested jail environments is prohibited).
- — incorrect checking of privileges when accessing the driver via ioctl allows an unprivileged user to install a firmware update for NVM devices.
- — incorrect checking of privileges when accessing the driver via ioctl allows an unprivileged user to send commands to the firmware of Emulex OneConnect network adapters.
- — by sending TCP SYN-ACK segments designed in a certain way over IPv6, one byte of kernel memory can be leaked over the network (the Traffic Class field is not initialized and contains residual data).
- in the ntpd time synchronization daemon can be used to cause a denial of service (causing the ntpd process to crash).
Source: opennet.ru