FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Linux compatibility layer issetugid(2) system call

Affected packages
10.2 <= FreeBSD-kernel < 10.2_11
10.1 <= FreeBSD-kernel < 10.1_28
9.3 <= FreeBSD-kernel < 9.3_35

Details

VuXML ID 7ac28df1-600a-11e6-a6c3-14dae9d210b8
Discovery 2016-01-27
Entry 2016-08-11

Problem Description:

A programming error in the Linux compatibility layer could cause the issetugid(2) system call to return incorrect information.

Impact:

If an application relies on output of the issetugid(2) system call and that information is incorrect, this could lead to a privilege escalation.

References

CVE Name CVE-2016-1883
FreeBSD Advisory SA-16:10.linux