CVE-2013-3077

2013-08-2813:13:58

CWE-189

mitre

web.nvd.nist.gov

cve

2013

3077

integer overflow

ip_msfilter

ipv6_msfilter

freebsd

kernel

multicast

local users

privilege escalation

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.2%

JSON

Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries.

Affected configurations

Nvd

Node

freebsdfreebsdMatch8.3

freebsdfreebsdMatch9.0

freebsdfreebsdMatch9.1

freebsdfreebsdMatch9.1p4

freebsdfreebsdMatch9.1p5

freebsdfreebsdMatch9.2prerelease

VendorProductVersionCPE
freebsdfreebsd8.3cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:*
freebsdfreebsd9.0cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*
freebsdfreebsd9.1cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*
freebsdfreebsd9.1cpe:2.3:o:freebsd:freebsd:9.1:p4:*:*:*:*:*:*
freebsdfreebsd9.1cpe:2.3:o:freebsd:freebsd:9.1:p5:*:*:*:*:*:*
freebsdfreebsd9.2cpe:2.3:o:freebsd:freebsd:9.2:prerelease:*:*:*:*:*:*

Vendor	Product	Version	CPE
freebsd	freebsd	8.3	cpe:2.3:o:freebsd:freebsd:8.3:::::::*
freebsd	freebsd	9.0	cpe:2.3:o:freebsd:freebsd:9.0:::::::*
freebsd	freebsd	9.1	cpe:2.3:o:freebsd:freebsd:9.1:::::::*
freebsd	freebsd	9.1	cpe:2.3:o:freebsd:freebsd:9.1:p4::::::
freebsd	freebsd	9.1	cpe:2.3:o:freebsd:freebsd:9.1:p5::::::
freebsd	freebsd	9.2	cpe:2.3:o:freebsd:freebsd:9.2:prerelease::::::