CVE-2014-8611

Sažetak

The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.

Reference

http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
https://support.apple.com/HT205212
https://support.apple.com/HT205267
https://svnweb.freebsd.org/base?view=revision&revision=275665
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

06-04-2016 - 12:40

Objavljeno

18-09-2015 - 10:59