FreeBSD: VID-BB53AF7B-F7E4-11EA-88F8-901B0EF719AB (CVE-2020-7464): FreeBSD -- ure device driver susceptible to packet-in-packet attack
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-BB53AF7B-F7E4-11EA-88F8-901B0EF719AB:
Problem Description:
A programming error in the ure(4) device driver caused some Realtek USB
Ethernet interfaces to incorrectly report packets with more than 2048 bytes
in a single USB transfer as having a length of only 2048 bytes.
An adversary can exploit this to cause the driver to misinterpret part of the
payload of a large packet as a separate packet, and thereby inject packets
across security boundaries such as VLANs.
Impact:
An attacker that can send large frames (larger than 2048 bytes in size) to be
received by the host (be it VLAN, or non-VLAN tagged packet), can inject
arbitrary packets to be received and processed by the host. This includes
spoofing packets from other hosts, or injecting packets to other VLANs than
the host is on.
Solution(s)
- freebsd-upgrade-base-11_3-release-p14
- freebsd-upgrade-base-11_4-release-p4
- freebsd-upgrade-base-12_1-release-p10
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center