CVE-2005-2019

FreeBSD 5.4 - Unauthenticated Access Control Bypass via Concurrent ipfw Table Lookups

Title source: llm
STIX 2.1

Description

ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory x_refsource_freebsd
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc

Scores

EPSS 0.0022
EPSS Percentile 44.4%

Details

Status published
Products (1)
freebsd/freebsd 5.4
Published Jul 05, 2005
Tracked Since Feb 18, 2026