FreeBSD CVE-2016-1886 Local Buffer Overflow Vulnerability



FreeBSD is prone to a local buffer-overflow vulnerability.

Successful exploits allow local attackers to execute arbitrary code. Failed exploit attempts likely result in denial-of-service conditions.

Information

Bugtraq ID: 90734
Class: Boundary Condition Error
CVE: CVE-2016-1886

Remote: No
Local: Yes
Published: May 17 2016 12:00AM
Updated: Apr 18 2017 08:07PM
Credit: CTurt and the HardenedBSD team
Vulnerable: Juniper Junos 16.1R1
Juniper Junos 15.1X53-D70
Juniper Junos 15.1X53-D63
Juniper Junos 15.1X53-D60
Juniper Junos 15.1X53-D40
Juniper Junos 15.1X53-D35
Juniper Junos 15.1X53-D30
Juniper Junos 15.1X53-D20
Juniper Junos 15.1X49-D40
Juniper Junos 15.1X49-D30
Juniper Junos 15.1X49-D20
Juniper Junos 15.1X49-D15
Juniper Junos 15.1X49-D10
Juniper Junos 15.1F6-S5
Juniper Junos 15.1F6-S4
Juniper Junos 15.1F6
Juniper Junos 15.1F5-S2
Juniper Junos 15.1F5
Juniper Junos 15.1F4-S2
Juniper Junos 15.1F4
Juniper Junos 15.1F3
Juniper Junos 15.1F2-S5
Juniper Junos 15.1F2-S2
Juniper Junos 15.1F2-S16
Juniper Junos 15.1F2-S14
Juniper Junos 15.1F2
Juniper Junos 15.1F1
Juniper Junos 14.2R6.5
Juniper Junos 14.2R6-S4
Juniper Junos 14.2R6
Juniper Junos 14.2R5
Juniper Junos 14.2R4-S1
Juniper Junos 14.2R4
Juniper Junos 14.2R3-S4
Juniper Junos 14.2R3
Juniper Junos 14.2R2.8
Juniper Junos 14.2R2
Juniper Junos 14.2R1
Juniper Junos 14.1X53-D40
Juniper Junos 14.1X53-D35
Juniper Junos 14.1X53-D30.3
Juniper Junos 14.1X53-D30
Juniper Junos 14.1X53-D28
Juniper Junos 14.1X53-D26
Juniper Junos 14.1X53-D25
Juniper Junos 14.1X53-D20
Juniper Junos 14.1X53-D18
Juniper Junos 14.1X53-D16
Juniper Junos 14.1X53-D12
Juniper Junos 14.1X53-D10
Juniper Junos 14.1R8-S3
Juniper Junos 14.1R8
Juniper Junos 14.1R7
Juniper Junos 14.1R6-S1
Juniper Junos 14.1R6
Juniper Junos 14.1R5
Juniper Junos 14.1R4-S7
Juniper Junos 14.1R4
Juniper Junos 14.1R3-S9
Juniper Junos 14.1R3-S2
Juniper Junos 14.1R3
Juniper JUNOS 14.1R2
Juniper Junos 14.1R1
Juniper Junos 12.3X48-D50
Juniper Junos 12.3X48-D40
Juniper Junos 12.3X48-D35
Juniper Junos 12.3X48-D30.7
Juniper Junos 12.3X48-D30
Juniper Junos 12.3X48-D25
Juniper Junos 12.3X48-D20
Juniper Junos 12.3X48-D15
Juniper Junos 12.3X48-D10
FreeBSD Freebsd 9.3-RELEASE-p9
FreeBSD FreeBSD 9.3-RELEASE-p6
FreeBSD FreeBSD 9.3-RELEASE-p5
FreeBSD Freebsd 9.3-RELEASE-p41
FreeBSD Freebsd 9.3-RELEASE-p39
FreeBSD Freebsd 9.3-RELEASE-p38
FreeBSD Freebsd 9.3-RELEASE-p36
FreeBSD Freebsd 9.3-RELEASE-p35
FreeBSD Freebsd 9.3-RELEASE-p34
FreeBSD Freebsd 9.3-RELEASE-p33
FreeBSD Freebsd 9.3-RELEASE-p31
FreeBSD FreeBSD 9.3-RELEASE-p3
FreeBSD Freebsd 9.3-RELEASE-p29
FreeBSD Freebsd 9.3-RELEASE-p25
FreeBSD Freebsd 9.3-RELEASE-p24
FreeBSD Freebsd 9.3-RELEASE-p22
FreeBSD Freebsd 9.3-RELEASE-p21
FreeBSD FreeBSD 9.3-RELEASE-p2
FreeBSD Freebsd 9.3-RELEASE-p13
FreeBSD Freebsd 9.3-RELEASE-p10
FreeBSD FreeBSD 9.3-RELEASE-p1
FreeBSD FreeBSD 9.3-PRERELEASE
FreeBSD FreeBSD 9.3
FreeBSD FreeBSD 9.0
FreeBSD Freebsd 10.3-RELEASE-p2
FreeBSD Freebsd 10.3-RELEASE-p1
FreeBSD Freebsd 10.3
FreeBSD Freebsd 10.2-RELEASE-p9
FreeBSD Freebsd 10.2-RELEASE-p8
FreeBSD Freebsd 10.2-RELEASE-p6
FreeBSD Freebsd 10.2-RELEASE-p16
FreeBSD Freebsd 10.2-RELEASE-p14
FreeBSD Freebsd 10.2-RELEASE-p13
FreeBSD Freebsd 10.2-RELEASE-p12
FreeBSD Freebsd 10.2-RELEASE-p11
FreeBSD Freebsd 10.2-RELEASE-p10
FreeBSD Freebsd 10.2-PRERELEASE
FreeBSD Freebsd 10.2
FreeBSD Freebsd 10.1-RELEASE-p9
FreeBSD Freebsd 10.1-RELEASE-p6
FreeBSD Freebsd 10.1-RELEASE-p5
FreeBSD Freebsd 10.1-RELEASE-p33
FreeBSD Freebsd 10.1-RELEASE-p31
FreeBSD Freebsd 10.1-RELEASE-p30
FreeBSD Freebsd 10.1-RELEASE-p29
FreeBSD Freebsd 10.1-RELEASE-p28
FreeBSD Freebsd 10.1-RELEASE-p27
FreeBSD Freebsd 10.1-RELEASE-p26
FreeBSD Freebsd 10.1-RELEASE-p25
FreeBSD Freebsd 10.1-RELEASE-p23
FreeBSD Freebsd 10.1-RELEASE-p19
FreeBSD Freebsd 10.1-RELEASE-p17
FreeBSD Freebsd 10.1-RELEASE-p16
FreeBSD FreeBSD 10.1-RELEASE-p1
FreeBSD FreeBSD 10.1-PRERELEASE
FreeBSD FreeBSD 10.1


Not Vulnerable: Juniper Junos 17.1R1
Juniper Junos 16.2R1
Juniper Junos 16.1R2
Juniper Junos 15.1X53-D230
Juniper Junos 15.1X49-D60
Juniper Junos 15.1R5
Juniper Junos 15.1F7
Juniper Junos 15.1F5-S5
Juniper Junos 14.2R7
Juniper Junos 14.1X53-D50
Juniper Junos 14.1R9
Juniper Junos 12.3X48-D55
FreeBSD FreeBSD 9.3-STABLE
FreeBSD Freebsd 9.3-RELEASE-p42
FreeBSD Freebsd 10.3-STABLE
FreeBSD Freebsd 10.3-RELEASE-p3
FreeBSD Freebsd 10.2-RELEASE-p17
FreeBSD Freebsd 10.1-RELEASE-p34


Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


Related Posts