Vulnerability CVE-2008-5736


Published: 2008-12-26   Modified: 2012-02-12

Description:
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets.

See advisories in our WLB2 database:
Topic: [High] FreeBSD <= 6.4 Netgraph Local Privledge Escalation Exploit
Author: zx2c4
Date: 11.03.2011

Type: CWE-noinfo

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software: FreeBSD -> FreeBSD

References:
http://security.freebsd.org/advisories/FreeBSD-SA-08:13.protosw.asc
http://securityreason.com/securityalert/8124
http://www.exploit-db.com/exploits/16951
http://www.securityfocus.com/bid/32976
http://www.securitytracker.com/id?1021491
https://exchange.xforce.ibmcloud.com/vulnerabilities/47570
https://www.exploit-db.com/exploits/7581

Copyright 2020, cxsecurity.com

 
