Info
Last Modified: 9 months ago

Description
FreeBSD contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a malicious user calls the accept(2), getsockname(2), or getpeername(2) system calls, or the vesa(4) FBIO_GETPALETTE ioctl(2), with a large negative argument. This causes a buffer overflow that discloses kernel memory, resulting in a loss of confidentiality.

Classification
Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution
Upgrade to version 4.6.2-RELEASE or 4.6-STABLE, or to any of the RELENG_4_6 (4.6.1-RELEASE-p11), RELENG_4_5 (4.5-RELEASE-p19), or RELENG_4_4 (4.4-RELEASE-p26) security branches dated after the respective correction dates; these have been reported to fix this vulnerability. FreeBSD has also released a patch.

Products
FreeBSD: 4.1.1-RELEASE, 4.0, 4.1, 4.1.1-STABLE, 4.1.1, 4.2, 4.3, 4.4, 4.3-RELEASE, 4.4-RELEASE, 4.5-RELEASE, 4.6-RELEASE, 4.5, 4.6, 4.2-STABLE, 4.2-RELEASE, 4.3-STABLE, 4.4-STABLE, 4.5-STABLE

Credit
- Silvio Cesare - silvio qualys.com