FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
53b3474c-f680-11e9-a87f-a4badb2f4699FreeBSD -- Reference count overflow in mqueue filesystem 32-bit compat

Problem Description:

System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file.

Impact:

A local user can use this flaw to obtain access to files, directories, sockets, etc., opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.


Discovery 2019-08-20
Entry 2019-10-24
FreeBSD-kernel
ge 12.0 lt 12.0_10

ge 11.3 lt 11.3_3

ge 11.2 lt 11.2_14

CVE-2019-5603
SA-19:24.mqueuefs