FreeBSD procfs linprocfs information disclosure

freebsd-profs-linprocfs-info-disclosure (18321) The risk level is classified as Medium Risk

Description:

FreeBSD could allow a local attacker to obtain sensitive information. The vulnerability affects /proc/curproc/cmdline in the procfs file system and /proc/self/cmdline in the linprocfs file system, and is caused by improper reading of the process argument vector from the process address space. A local attacker could exploit this vulnerability to cause a system panic or view portions of kernel memory.

Platforms Affected:

  • FreeBSD, FreeBSD 4.0
  • FreeBSD, FreeBSD 4.1
  • FreeBSD, FreeBSD 4.1.1
  • FreeBSD, FreeBSD 4.10
  • FreeBSD, FreeBSD 4.2
  • FreeBSD, FreeBSD 4.3
  • FreeBSD, FreeBSD 4.4
  • FreeBSD, FreeBSD 4.5
  • FreeBSD, FreeBSD 4.6
  • FreeBSD, FreeBSD 4.7
  • FreeBSD, FreeBSD 4.8
  • FreeBSD, FreeBSD 4.9
  • FreeBSD, FreeBSD 5.0
  • FreeBSD, FreeBSD 5.1
  • FreeBSD, FreeBSD 5.2
  • FreeBSD, FreeBSD 5.2.1
  • FreeBSD, FreeBSD 5.3
  • FreeBSD, FreeBSD RELENG_4_10
  • FreeBSD, FreeBSD RELENG_4_8
  • FreeBSD, FreeBSD RELENG_5_2

Remedy:

Upgrade to the latest version of FreeBSD (RELENG_5, 5.3-STABLE, RELENG_5_3, 5.3-RELEASE-p2, RELENG_5_2, 5.2.1-RELEASE-p13, RELENG_4, 4.10-STABLE, RELENG_4_10, 4.10-RELEASE-p5, RELENG_4_8 or 4.8-RELEASE-p27 or later), as listed in FreeBSD Security Advisory FreeBSD-SA-04:17.procfs. See References.

— OR —

Apply the patch for this vulnerability, as listed in FreeBSD Security Advisory FreeBSD-SA-04:17.procfs. See References.

Consequences:

Obtain Information

References:

  • FreeBSD Project Security Advisory FreeBSD-SA-04:17.procfs, Kernel memory disclosure in procfs and linprocfs at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc.
  • BID-11789: FreeBSD Linux ProcFS Local Kernel Denial Of Service And Information Disclosure Vulnerability
  • CVE-2004-1066: The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future.

Reported:

Dec 01, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
