CVE-2013-3077 | Vulnerability Database | Aqua Security

Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries.

Affected Software

Name	Vendor	Start Version	End Version
Freebsd	Freebsd	8.3 (including)	8.3 (including)
Freebsd	Freebsd	9.0 (including)	9.0 (including)
Freebsd	Freebsd	9.1 (including)	9.1 (including)
Freebsd	Freebsd	9.1-p4 (including)	9.1-p4 (including)
Freebsd	Freebsd	9.1-p5 (including)	9.1-p5 (including)
Freebsd	Freebsd	9.2-prerelease (including)	9.2-prerelease (including)
Kfreebsd-8	Ubuntu	lucid	*
Kfreebsd-8	Ubuntu	upstream	*

References

http://svnweb.freebsd.org/base?view=revision\u0026revision=254629
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:09.ip_multicast.asc
http://svnweb.freebsd.org/base?view=revision\u0026revision=254629
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:09.ip_multicast.asc

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-3077
CWE	https://cwe.mitre.org/data/definitions/189.html