FreeBSD Security Advisory (FreeBSD-SA-09:13.pipe.asc) Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:13.pipe.asc

Solution

Upgrade your system to the appropriate stable release or security branch dated after the correction date https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:13.pipe.asc

Insight

Pipes are a form of inter-process communication (IPC) provided by the FreeBSD kernel. kqueue is an event management API that applications can use to monitor pipes and other kernel services. A race condition exists in the pipe close() code relating to kqueues, causing use-after-free for kernel memory, which may lead to an exploitable NULL pointer vulnerability in the kernel, kernel memory corruption, and other unpredictable results.

Severity

Classification

CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

exim -- two buffer overflow vulnerabilities
FreeBSD Ports: bind99
FreeBSD Ports: chromium
FreeBSD Ports: chromium
FreeBSD Ports: chromium

Take action and discover your vulnerabilities