FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- link_ntoa(3) buffer overflow

Affected packages
11.0 <= FreeBSD < 11.0_5
10.3 <= FreeBSD < 10.3_14
10.2 <= FreeBSD < 10.2_27
10.1 <= FreeBSD < 10.1_44
9.3 <= FreeBSD < 9.3_52

Details

VuXML ID 0282269d-bbee-11e6-b1cf-14dae9d210b8
Discovery 2016-12-06
Entry 2016-12-06
Modified 2016-12-08

Problem Description:

A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions.

Impact:

Due to very limited use of the function in the existing applications, and limited length of the overflow, exploitation of the vulnerability does not seem feasible. None of the utilities and daemons in the base system are known to be vulnerable. However, careful review of third party software that may use the function was not performed.

References

CVE Name CVE-2016-6559
FreeBSD Advisory SA-16:37.libc