FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a logic error in computing a buffer length may allow too much data to be copied into userland, which may disclose portions of kernel memory resulting in a loss of confidentiality.

Upgrade to version 5-STABLE or 6-STABLE, or to the RELENG_6_0 security branch dated after the correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch for some older versions.

• Security Tracker: 1015541
• Bugtraq ID: 16373
• Secunia Advisory ID: 18599
• CVE ID: 2006-0380 (see also: NVD)
• Related OSVDB ID: 22730
• Keyword: FreeBSD-SA-06:06.kmem
• Other Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc
• Vendor Specific Solution URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem.patch.asc ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem60.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem60.patch.asc
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0405.html
• Vendor URL: http://www.freebsd.org/

• Xin LI - delphijfrontfree.net -
• Karl Janmar -