Vulnerabilities > CVE-2019-15878 - Use After Free vulnerability in Freebsd 11.3/12.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 10 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | FreeBSD Local Security Checks |
| NASL id | FREEBSD_PKG_253486F5947D11EA92AB00163E433440.NASL |
| description | The SCTP layer does improper checking when an application tries to update a shared key. Therefore an unprivileged local user can trigger a use-after- free situation, for example by specific sequences of updating shared keys and closing the SCTP association. Impact : Triggering the use-after-free situation may result in unintended kernel behaviour including a kernel panic. |
| last seen | 2020-05-21 |
| modified | 2020-05-13 |
| plugin id | 136534 |
| published | 2020-05-13 |
| reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/136534 |
| title | FreeBSD : FreeBSD -- Improper checking in SCTP-AUTH shared key update (253486f5-947d-11ea-92ab-00163e433440) |