Published: 10/06/2014 Updated: 21/06/2014

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freebsd freebsd 10.0
freebsd freebsd 9.2
freebsd freebsd 9.1
freebsd freebsd 8.4

Debian Bug report logs - #743984 kfreebsd-9: CVE-2014-1453: nfsserver denial of service Package: src:kfreebsd-9; Maintainer for src:kfreebsd-9 is (unknown); Reported by: Steven Chamberlain <steven@pyroeuorg> Date: Wed, 9 Apr 2014 00:00:02 UTC Severity: grave Tags: security, upstream Found in versions kfreebsd-9/90-10, ...

Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or possibly disclosure of kernel memory The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-1453 A remote, authenticated attacker could cause the NFS server become deadlocked, resulting in a deni ...

CWE-20 http://www.freebsd.org/security/advisories/FreeBSD-EN-14%3A06.exec.asc http://www.debian.org/security/2014/dsa-2952 http://secunia.com/advisories/59034 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743984 https://www.debian.org/security/./dsa-2952 https://nvd.nist.gov

CVE-2014-3880

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect