AISLE Discovers 3 Critical Vulnerabilities in FreeBSD

Author

Joshua Rogers

Date Published

FreeBSD 1

When Anthropic announced that Claude Mythos wrote a remote code execution (RCE) exploit for FreeBSD’s NFS server, we wondered if the model had missed something. It turns out it missed quite a bit.

Using AISLE’s multi-model system to analyze the FreeBSD codebase, our autonomous analyzer found multiple critical-severity vulnerabilities, including a two-decades-old RCE vulnerability, a heap buffer overflow, and multiple stack buffer overflows. We also reported a number of bugs, and are still using the AISLE platform to scour for additional vulnerabilities.

FreeBSD is an essential part of the software infrastructure powering modern civilization. It is used by major networking platforms like Cisco, entertainment giants like Netflix, Sony (Playstation) and Nintendo (Switch), as well as NetApp’s storage systems. Thanks to a philosophy of security through simplicity, FreeBSD is widely recognized as one of the world’s most secure operating systems. Its continued defense is vital, and we followed responsible disclosure practices for each vulnerability mentioned in this post.

Each of these vulnerabilities was discovered on April 13th, reported on April 14th, and fixed in the April 29th release. Each of them was disclosed exclusively by AISLE.

The Findings

The remote command execution vulnerability our analyzer found could have been easily exploited by any system on the same local network as the FreeBSD system. First entering the FreeBSD operating system over 20 years ago, the vulnerability we discovered could be exploited by anyone on the same network. After it was identified by AISLE’s analyzer system, it was autonomously evaluated by our triage agents and flagged to our researchers, who verified the security impact. They also verified a remotely triggerable heap buffer overflow in the same functionality.

The same is true of the two stack buffer overflows, each of which was reachable through its own code path. In one case, any local user could exploit the vulnerability by triggering memory corruption in a root process: ping6. In another, a fix that was applied in an older version of FreeBSD had been removed during refactoring.

In all three instances, our autonomous analyzer and triage agents found and investigated the vulnerabilities. After confirming their security impact, Joshua Rogers of AISLE developed a proof of concept and submitted reports to the FreeBSD maintainers. All three vulnerabilities have now been patched.

Given that AI has collapsed the patch window by making it trivially simple for hackers to reverse-engineer security updates, we urge anyone running FreeBSD to update to the latest version.

Securing Software Infrastructure with AISLE

These findings come at an inflection point for AI-powered cybersecurity. It is clear that AI can discover vulnerabilities in highly scrutinized codebases (in fact, security practitioners have known this for years), but an important question remains: do defenders need access to high-powered, expensive models in order to find security issues?

The weight of a growing body of evidence, which includes AISLE’s OpenSSL discoveries (most recently here) as well as original research by AISLE’s Stanislav Fort, suggests a clear answer: no. High-powered, expensive models are certainly exciting, but they can’t match the thoroughness of well-designed cybersecurity systems. Rather than scaling linearly with compute, it seems that security capability is jagged: small models can outperform larger ones at many cyber-relevant tasks. This may be way AISLE matched Mythos in FreeBSD CVE discoveries in April, despite using far cheaper models.

AISLE’s multi-model system has autonomously discovered, triaged, and generated verified fixes for hundreds of security issues severe enough to warrant CVE designation. Yet it is not merely an analyzer: it unifies the complex and time-consuming tasks of triage and remediation so security teams can not only find new vulnerabilities, they can bring their enterprise security backlogs to zero.

Skeptical? See what AISLE can do for you.