FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Heap overflow vulnerability in bspatch

Affected packages
11.0 <= FreeBSD < 11.0_1
10.3 <= FreeBSD < 10.3_10
10.2 <= FreeBSD < 10.2_23
10.1 <= FreeBSD < 10.1_40
9.3 <= FreeBSD < 9.3_48

Details

VuXML ID ce808022-8ee6-11e6-a590-14dae9d210b8
Discovery 2016-10-10
Entry 2016-10-10

Problem Description:

The implementation of bspatch is susceptible to integer overflows with carefully crafted input, potentially allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was partially addressed in FreeBSD-SA-16:25.bspatch, but some possible integer overflows remained.

Impact:

An attacker who can control the patch file can cause a crash or run arbitrary code under the credentials of the user who runs bspatch, in many cases, root.

References

FreeBSD Advisory SA-16:29.bspatch