Info |
Last Modified: about 1 year ago
|
Description |
FreeBSD contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a local user generates a list of network interfaces: the "SIOCGIFCONF" ioctl fails to zero out the buffer, so up to 12 bytes of potentially sensitive information from previously cached kernel memory may be disclosed to the user process, resulting in a loss of confidentiality.
|
Classification |
Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
|
Solution |
Upgrade to version 5.4 or higher, as it has been reported to fix this vulnerability. In addition, the following patches have been released for some older versions.
2005-04-15 01:52:25 UTC (RELENG_5_3, 5.3-RELEASE-p9)
2005-04-15 01:52:40 UTC (RELENG_4, 4.11-STABLE)
2005-04-15 01:52:57 UTC (RELENG_4_11, 4.11-RELEASE-p3)
2005-04-15 01:53:14 UTC (RELENG_4_10, 4.10-RELEASE-p8)
|
Products |
FreeBSD: 5.0, 4.x, 5.2, 5.1, 5.3, 5.4, 5.3-RELEASE-p9, 4.11-STABLE, 4.11-RELEASE-p3, 4.10-RELEASE-p8