CVE-2014-1453 - Resource Management Errors vulnerability in FreeBSD
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | SINGLE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |

Summary
The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 14 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_6A384960600711E6A6C314DAE9D210B8.NASL |
description | The kernel holds a lock over the source directory vnode while trying to convert the target directory file handle to a vnode, which needs to be returned with the lock held, too. This order may be in violation of normal lock order, which in conjunction with other threads that grab locks in the right order, constitutes a deadlock condition because no thread can proceed. Impact : An attacker on a trusted client could cause the NFS server become deadlocked, resulting in a denial of service. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 92898 |
published | 2016-08-12 |
reporter | This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/92898 |
title | FreeBSD : FreeBSD -- Deadlock in the NFS server (6a384960-6007-11e6-a6c3-14dae9d210b8) |

code

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(92898);
  script_version("2.4");
  script_cvs_date("Date: 2018/12/07 9:46:53");

  script_cve_id("CVE-2014-1453");
  script_bugtraq_id(66726);
  script_xref(name:"FreeBSD", value:"SA-14:05.nfsserver");

  script_name(english:"FreeBSD : FreeBSD -- Deadlock in the NFS server (6a384960-6007-11e6-a6c3-14dae9d210b8)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote FreeBSD host is missing one or more security-related
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The kernel holds a lock over the source directory vnode while trying
to convert the target directory file handle to a vnode, which needs to
be returned with the lock held, too. This order may be in violation of
normal lock order, which in conjunction with other threads that grab
locks in the right order, constitutes a deadlock condition because no
thread can proceed. Impact : An attacker on a trusted client could
cause the NFS server become deadlocked, resulting in a denial of
service."
  );
  # https://vuxml.freebsd.org/freebsd/6a384960-6007-11e6-a6c3-14dae9d210b8.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7befe99a"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:FreeBSD");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

flag = 0;

if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=10.0<10.0_1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=9.2<9.2_4")) flag++;
if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=9.1<9.1_11")) flag++;
if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=8.4<8.4_8")) flag++;
if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=8.3<8.3_15")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2952.NASL |
description | Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or possibly disclosure of kernel memory. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-1453 A remote, authenticated attacker could cause the NFS server become deadlocked, resulting in a denial of service. - CVE-2014-3000 : An attacker who can send a series of specifically crafted packets with a connection could cause a denial of service situation by causing the kernel to crash. Additionally, because the undefined on stack memory may be overwritten by other kernel threads, while difficult, it may be possible for an attacker to construct a carefully crafted attack to obtain portion of kernel memory via a connected socket. This may result in the disclosure of sensitive information such as login credentials, etc. before or even without crashing the system. - CVE-2014-3880 A local attacker can trigger a kernel crash (triple fault) with potential data loss, related to the execve/fexecve system calls. Reported by Ivo De Decker. |
last seen | 2020-03-17 |
modified | 2014-06-09 |
plugin id | 74374 |
published | 2014-06-09 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/74374 |
title | Debian DSA-2952-1 : kfreebsd-9 - security update |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2952. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74374);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-1453", "CVE-2014-3000", "CVE-2014-3880");
  script_bugtraq_id(66726, 67153);
  script_xref(name:"DSA", value:"2952");

  script_name(english:"Debian DSA-2952-1 : kfreebsd-9 - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several vulnerabilities have been discovered in the FreeBSD kernel
that may lead to a denial of service or possibly disclosure of kernel
memory. The Common Vulnerabilities and Exposures project identifies
the following problems :

  - CVE-2014-1453
    A remote, authenticated attacker could cause the NFS
    server become deadlocked, resulting in a denial of
    service.

  - CVE-2014-3000 :
    An attacker who can send a series of specifically
    crafted packets with a connection could cause a denial
    of service situation by causing the kernel to crash.

  Additionally, because the undefined on stack memory may be
  overwritten by other kernel threads, while difficult, it
  may be possible for an attacker to construct a carefully
  crafted attack to obtain portion of kernel memory via a
  connected socket. This may result in the disclosure of
  sensitive information such as login credentials, etc.
  before or even without crashing the system.

  - CVE-2014-3880
    A local attacker can trigger a kernel crash (triple
    fault) with potential data loss, related to the
    execve/fexecve system calls. Reported by Ivo De Decker."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-1453"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-3000"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-3880"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/kfreebsd-9"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2014/dsa-2952"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the kfreebsd-9 packages.

For the stable distribution (wheezy), these problems have been fixed
in version 9.0-10+deb70.7."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kfreebsd-9");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9-486", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9-686", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9-686-smp", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9-amd64", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9-malta", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9-xen", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9.0-2", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9.0-2-486", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9.0-2-686", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9.0-2-686-smp", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9.0-2-amd64", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9.0-2-malta", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-headers-9.0-2-xen", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-image-9-486", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-image-9-686", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-image-9-686-smp", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-image-9-amd64", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-image-9-malta", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-image-9-xen", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-image-9.0-2-486", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-image-9.0-2-686", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-image-9.0-2-686-smp", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-image-9.0-2-amd64", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-image-9.0-2-malta", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-image-9.0-2-xen", reference:"9.0-10+deb70.7")) flag++;
if (deb_check(release:"7.0", prefix:"kfreebsd-source-9.0", reference:"9.0-10+deb70.7")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

Seebug
bulletinFamily | exploit |
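description | Bugtraq ID: 66726 CVE ID: CVE-2014-1453 FreeBSD is a UNIX operating system, an important branch of Unix that evolved from BSD, 386BSD and 4.4BSD. FreeBSD has a lock-ordering error when converting a target file handle to a vnode, which can lead to a deadlock and cause a denial of service. 0 FreeBS The vendor has released an upgrade patch to fix the vulnerability; please download and apply it: http://www.freebsd.org/security/index.html |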
id | SSV:62156 |
last seen | 2017-11-19 |
modified | 2014-04-14 |
published | 2014-04-14 |
reporter | Root |
title | FreeBSD remote denial-of-service vulnerability |