FreeBSD kernel buffer initialization memory disclosure
| bsd-buffer-initialization-disclosure (24338) |  Medium Risk |
Description:
FreeBSD could allow a local attacker to obtain sensitive information, caused by a vulnerability regarding kernel buffer initialization. A local attacker could exploit this vulnerability to read portions of kernel memory.
Platforms Affected:
- FreeBSD, FreeBSD 5.4
- FreeBSD, FreeBSD 6.0
Remedy:
Refer to FreeBSD Security Advisory FreeBSD-SA-06:06.kmem for patch or upgrade information. See References.
Consequences:
Obtain Information
References:
- FreeBSD Security Advisory FreeBSD-SA-06:06.kmem , Local kernel memory disclosure at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc.
- BID-16373: FreeBSD Multiple Local Kernel Memory Disclosure Vulnerabilities
- CVE-2006-0379: FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory.
- OSVDB ID: 22730: FreeBSD Uninitialized Buffer Arbitrary Kernel Memory Disclosure
- SA18599: FreeBSD Kernel Memory Disclosure Vulnerabilities
- SECTRACK ID: 1015541: FreeBSD Kernel ioctl() Functions May Disclose Kernel Memory to Local Users
Reported:
Jan 25, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net