Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	APP:FREEBSD-BSPATCH-RCE
Severity	Major
Recommended	Yes
Recommended Action	Drop
Category	APP
Keywords	FreeBSD bspatch Utility Remote Code Execution
Release Date	2016/08/03
Update Number	2765
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: FreeBSD bspatch Utility Remote Code Execution

This signature detects attempts to exploit a known vulnerability against bspatch utility in FreeBSD. A successful attack can lead to arbitrary code execution.

Extended Description

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.

Affected Products

Apple mac_os_x 10.11.5

References

CVE: CVE-2014-9862
URL: http://security.freebsd.org/advisories/freebsd-sa-16:25.bspatch.asc

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: FreeBSD bspatch Utility Remote Code Execution

Extended Description

Affected Products

References