Summary
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-08:07.amd64.asc
Solution
Upgrade your system to the appropriate stable release or security branch dated after the correction date
https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-08:07.amd64.asc
Insight
FreeBSD/amd64 is commonly used on 64bit systems with AMD and Intel CPU's. For Intel CPU's this architecture is known as EM64T or Intel 64.
The gs segment CPU register is used by both user processes and the kernel to convieniently access state data. User processes use it to manage per-thread data, and the kernel uses it to manage per-processor data. As the processor enters and leaves the kernel it uses the 'swapgs' instruction to toggle between the kernel and user values for the gs register.
The kernel stores critical information in its per-processor data block. This includes the currently executing process and its credentials.
As the processor switches between user and kernel level, a number of checks are performed in order to implement the privilege protection system. If the processor detects a problem while attempting to switch privilege levels it generates a trap - typically general protection fault (GPF). In that case, the processor aborts the return to the user level process and re-enters the kernel. The FreeBSD kernel allows the user process to be notified of such an event by a signal (SIGSEGV or SIGBUS).
If a General Protection Fault happens on a FreeBSD/amd64 system while it is returning from an interrupt, trap or system call, the swapgs CPU instruction may be called one extra time when it should not resulting in userland and kernel state being mixed.
Severity
Classification
-
CVE CVE-2008-3890 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities