FreeBSD kernel buffer initialization memory disclosure

bsd-buffer-initialization-disclosure (24338) The risk level is classified as MediumMedium Risk

Description:

FreeBSD could allow a local attacker to obtain sensitive information, caused by a vulnerability regarding kernel buffer initialization. A local attacker could exploit this vulnerability to read portions of kernel memory.


Consequences:

Obtain Information

Remedy:

Refer to FreeBSD Security Advisory FreeBSD-SA-06:06.kmem for patch or upgrade information. See References.

References:

  • FreeBSD Security Advisory FreeBSD-SA-06:06.kmem : Local kernel memory disclosure.
  • BID-16373: FreeBSD Multiple Local Kernel Memory Disclosure Vulnerabilities
  • CVE-2006-0379: FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory.
  • OSVDB ID: 22730: FreeBSD Uninitialized Buffer Arbitrary Kernel Memory Disclosure
  • SA18599: FreeBSD Kernel Memory Disclosure Vulnerabilities
  • SECTRACK ID: 1015541: FreeBSD Kernel ioctl() Functions May Disclose Kernel Memory to Local Users

Platforms Affected:

  • FreeBSD FreeBSD 5.4
  • FreeBSD FreeBSD 6.0

Reported:

Jan 25, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page