FreeBSD up to 10.1 IGMP igmp_input IGMPv3 Data integer overflow
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.4 | $0-$5k | 0.00 |
Summary
A vulnerability was found in FreeBSD up to 10.1 and classified as critical. This affects the function igmp_input of the component IGMP Handler. Executing a manipulation as part of IGMPv3 Data can lead to integer overflow.
This vulnerability is registered as CVE-2015-1414. No exploit is available. This vulnerability is historically impactful due to its background and the reception it garnered.
It is advisable to implement a patch to correct this issue.
Details
A vulnerability classified as critical was found in FreeBSD up to 10.1 (Operating System). This vulnerability affects the function igmp_input of the component IGMP Handler. The manipulation as part of a IGMPv3 Data leads to a integer overflow vulnerability. The CWE definition for the vulnerability is CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was published 02/25/2015 by Mateusz Kocielski, Logicaltrust, Marek Kroemeke and 22733db72ab3ed94b5f8a1ffcde850251fe6f466 as FreeBSD-SA-15:04.igmp as confirmed advisory (Website). The advisory is shared for download at security.FreeBSD.org. This vulnerability was named CVE-2015-1414 since 01/27/2015. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 03/10/2022). This vulnerability has a historic impact due to its background and reception. The advisory points out:
An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash.
The vulnerability scanner Nessus provides a plugin with the ID 83735 (McAfee Firewall Enterprise IGMP Packet Integer Overflow DoS (SB10107)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Firewalls. The commercial vulnerability scanner Qualys is able to test this issue with plugin 175448 (Debian Security Update for kfreebsd-9 (DSA 3175-2)).
Applying a patch is able to eliminate this problem.Proper firewalling of IGMP is able to address this issue. The best possible mitigation is suggested to be patching the affected component.
The vulnerability is also documented in the databases at X-Force (101182), Tenable (83735), SecurityFocus (BID 72777†), SecurityTracker (ID 1031798†) and Vulnerability Center (SBV-48807†). Similar entry is available at VDB-74668. Once again VulDB remains the best source for vulnerability data.
Product
Type
Name
Version
License
Website
- Product: https://www.freebsd.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.4
VulDB Base Score: 7.3
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Integer overflowCWE: CWE-190 / CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 83735
Nessus Name: McAfee Firewall Enterprise IGMP Packet Integer Overflow DoS (SB10107)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 703175
OpenVAS Name: Debian Security Advisory DSA 3175-1 (kfreebsd-9 - security update)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Firewalling: 🔍
Timeline
01/27/2015 🔍02/25/2015 🔍
02/25/2015 🔍
02/25/2015 🔍
02/25/2015 🔍
02/25/2015 🔍
02/26/2015 🔍
02/27/2015 🔍
05/20/2015 🔍
03/10/2022 🔍
Sources
Product: freebsd.orgAdvisory: FreeBSD-SA-15:04.igmp
Researcher: Mateusz Kocielski, Logicaltrust, Marek Kroemeke, 22733db72ab3ed94b5f8a1ffcde850251fe6f466
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2015-1414 (🔍)
GCVE (CVE): GCVE-0-2015-1414
GCVE (VulDB): GCVE-100-69220
OVAL: 🔍
X-Force: 101182 - FreeBSD igmp_input() denial of service
SecurityFocus: 72777 - FreeBSD CVE-2015-1414 Remote Denial of Service Vulnerability
SecurityTracker: 1031798 - FreeBSD IGMP Integer Overflow Lets Remote Users Deny Service
Vulnerability Center: 48807 - FreeBSD Remote DoS due to Integer Overflow via Crafted IGMP Packets, High
See also: 🔍
Entry
Created: 02/25/2015 14:29Updated: 03/10/2022 18:51
Changes: 02/25/2015 14:29 (80), 06/21/2017 10:54 (8), 03/10/2022 18:44 (3), 03/10/2022 18:51 (1)
Complete: 🔍
Cache ID: 216:BA1:103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.