FreeBSD Local Security Checks : FreeBSD Security Advisory (FreeBSD-SA-08:07.amd64.asc)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.61516

Category: FreeBSD Local Security Checks

Title: FreeBSD Security Advisory (FreeBSD-SA-08:07.amd64.asc)

Summary: The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-08:07.amd64.asc

Description: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-08:07.amd64.asc

Vulnerability Insight:
FreeBSD/amd64 is commonly used on 64bit systems with AMD and Intel
CPU's. For Intel CPU's this architecture is known as EM64T or Intel 64.

The gs segment CPU register is used by both user processes and the
kernel to conveniently access state data. User processes use it to
manage per-thread data, and the kernel uses it to manage per-processor
data. As the processor enters and leaves the kernel it uses the
'swapgs' instruction to toggle between the kernel and user values for
the gs register.

The kernel stores critical information in its per-processor data
block. This includes the currently executing process and its
credentials.

As the processor switches between user and kernel level, a number of
checks are performed in order to implement the privilege protection
system. If the processor detects a problem while attempting to switch
privilege levels it generates a trap - typically general protection
fault (GPF). In that case, the processor aborts the return to the
user level process and re-enters the kernel. The FreeBSD kernel
allows the user process to be notified of such an event by a signal
(SIGSEGV or SIGBUS).

If a General Protection Fault happens on a FreeBSD/amd64 system while
it is returning from an interrupt, trap or system call, the swapgs CPU
instruction may be called one extra time when it should not resulting
in userland and kernel state being mixed.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-3890
BugTraq ID: 31003
http://www.securityfocus.com/bid/31003
FreeBSD Security Advisory: FreeBSD-SA-08:07
http://security.freebsd.org/advisories/FreeBSD-SA-08:07.amd64.asc
http://www.securitytracker.com/id?1020815
http://secunia.com/advisories/31743
XForce ISS Database: freebsd-fault-privilege-escalation(44905)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44905

Copyright Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.61516
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Security Advisory (FreeBSD-SA-08:07.amd64.asc)
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-08:07.amd64.asc
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-08:07.amd64.asc Vulnerability Insight: FreeBSD/amd64 is commonly used on 64bit systems with AMD and Intel CPU's. For Intel CPU's this architecture is known as EM64T or Intel 64. The gs segment CPU register is used by both user processes and the kernel to conveniently access state data. User processes use it to manage per-thread data, and the kernel uses it to manage per-processor data. As the processor enters and leaves the kernel it uses the 'swapgs' instruction to toggle between the kernel and user values for the gs register. The kernel stores critical information in its per-processor data block. This includes the currently executing process and its credentials. As the processor switches between user and kernel level, a number of checks are performed in order to implement the privilege protection system. If the processor detects a problem while attempting to switch privilege levels it generates a trap - typically general protection fault (GPF). In that case, the processor aborts the return to the user level process and re-enters the kernel. The FreeBSD kernel allows the user process to be notified of such an event by a signal (SIGSEGV or SIGBUS). If a General Protection Fault happens on a FreeBSD/amd64 system while it is returning from an interrupt, trap or system call, the swapgs CPU instruction may be called one extra time when it should not resulting in userland and kernel state being mixed. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3890 BugTraq ID: 31003 http://www.securityfocus.com/bid/31003 FreeBSD Security Advisory: FreeBSD-SA-08:07 http://security.freebsd.org/advisories/FreeBSD-SA-08:07.amd64.asc http://www.securitytracker.com/id?1020815 http://secunia.com/advisories/31743 XForce ISS Database: freebsd-fault-privilege-escalation(44905) https://exchange.xforce.ibmcloud.com/vulnerabilities/44905
Copyright	Copyright (C) 2008 E-Soft Inc.