Vulnerabilities > CVE-2014-0998 - Numeric Errors vulnerability in Freebsd 10.1

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

freebsd

CWE-189

exploit available

NVD

Published: 2015-02-02

Updated: 2024-11-21

Summary

Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 10.1	1

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Exploit-Db

description	FreeBSD Kernel - Multiple Vulnerabilities. CVE-2014-0998,CVE-2014-8612. Dos exploit for freebsd platform
id	EDB-ID:35938
last seen	2016-02-04
modified	2015-01-29
published	2015-01-29
reporter	Core Security
source	https://www.exploit-db.com/download/35938/
title	FreeBSD Kernel - Multiple Vulnerabilities

Packetstorm

data source	https://packetstormsecurity.com/files/download/130124/CORE-2015-0003.txt
id	PACKETSTORM:130124
last seen	2016-12-05
published	2015-01-28
reporter	Core Security Technologies
source	https://packetstormsecurity.com/files/130124/FreeBSD-Kernel-Crash-Code-Execution-Disclosure.html
title	FreeBSD Kernel Crash / Code Execution / Disclosure

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References