FreeBSD sandbox namei query memory leakage Vulnerability (CVE-2014-3711)

FreeBSD sandbox namei query memory leakage Vulnerability (CVE-2014-3711)

Release date:
Updated on:

Affected Systems:
FreeBSD 9.3
FreeBSD 9.2
FreeBSD 9.1
Description:
CVE (CAN) ID: CVE-2014-3711

FreeBSD is a UNIX operating system and an important branch of Unix developed from BSD, javasbsd, and 4.4BSD. The namei kernel device is responsible for executing and caching the conversion from the path name to the file system object.

FreeBSD 9.1, 9.2, and 9.3 have security vulnerabilities in the implementation of namei tools. When a sandbox process query does not have a path name, The namei tool leaks some kernel memory, resulting in memory depletion.

<* Source: Hiroki Sato

Link: http://security.FreeBSD.org/advisories/FreeBSD-SA-14:22.namei.asc
*>

Suggestion:
Vendor patch:

FreeBSD
-------
FreeBSD has released a Security Bulletin (FreeBSD-SA-14: 22. namei. asc) and patches for this:
FreeBSD-SA-14: 22. namei. asc: memory leak in sandboxed namei lookup
Link: http://security.FreeBSD.org/advisories/FreeBSD-SA-14:22.namei.asc

Use dump restore to quickly back up and restore the FreeBSD system

Mount the partition where FreeBSD is located in Linux

Test data of PostgreSQL running on FreeBSD and Linux

FreeBSD software package management

This article permanently updates the link address: