| Vulnerability Name: | CVE-2008-5736 (CCN-47570) | ||||||||
| Assigned: | 2008-12-23 | ||||||||
| Published: | 2008-12-23 | ||||||||
| Updated: | 2019-08-02 | ||||||||
| Summary: | Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets. Per http://security.freebsd.org/advisories/FreeBSD-SA-08:13.protosw.asc Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3, 6.4, and 7.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 6.x] # fetch http://security.FreeBSD.org/patches/SA-08:13/protosw6x.patch # fetch http://security.FreeBSD.org/patches/SA-08:13/protosw6x.patch.asc [FreeBSD 7.x] # fetch http://security.FreeBSD.org/patches/SA-08:13/protosw.patch # fetch http://security.FreeBSD.org/patches/SA-08:13/protosw.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.6 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-noinfo CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-5736 Source: OSVDB Type: Broken Link 50936 Source: CCN Type: SA33209 FreeBSD netgraph / bluetooth Sockets Privilege Escalation Source: SECUNIA Type: Vendor Advisory 33209 Source: CCN Type: FreeBSD-SA-08:13.protosw netgraph / bluetooth privilege escalation Source: FREEBSD Type: Vendor Advisory FreeBSD-SA-08:13 Source: SREASON Type: Third Party Advisory 8124 Source: CCN Type: SECTRACK ID: 1021491 FreeBSD Netgraph and Bluetooth Protocol Stacks Let Local Users Gain Elevated Privileges Source: EXPLOIT-DB Type: Third Party Advisory, VDB Entry 16951 Source: CCN Type: FreeBSD Web site The FreeBSD Project Source: CCN Type: OSVDB ID: 50936 FreeBSD netgraph / bluetooth Sockets Function Pointers Arbitrary Local Code Execution Source: BID Type: Third Party Advisory, VDB Entry 32976 Source: CCN Type: BID-32976 FreeBSD netgraph and bluetooth Local Privilege Escalation Vulnerabilities Source: SECTRACK Type: Third Party Advisory, VDB Entry 1021491 Source: XF Type: UNKNOWN freebsd-netgraph-bluetooth-priv-escalation(47570) Source: XF Type: VDB Entry freebsd-netgraph-bluetooth-priv-escalation(47570) Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [03-10-2011] Source: EXPLOIT-DB Type: Third Party Advisory, VDB Entry 7581 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||