Info

Disclosure

Jan 25, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a buffer allocated from the kernel stack is not completely initialized before being copied to userland, which may disclose portions of kernel memory resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Disclosure: OSVDB Verified

Solution

Upgrade to version 5-STABLE or 6-STABLE, or to the RELENG_6_0 security branch dated after the correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch for some older versions.

Products

FreeBSD Project	FreeBSD	5.4-STABLE
		6.0

References

Security Tracker: 1015541
Bugtraq ID: 16373
Secunia Advisory ID: 18599
CVE ID: 2006-0379 (see also: NVD)
SCIP VulDB ID: 2012
Related OSVDB ID: 22731
Keyword: FreeBSD-SA-06:06.kmem
Other Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc
Vendor Specific Solution URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem.patch.asc ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem60.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem60.patch.asc
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0405.html
Vendor URL: http://www.freebsd.org

Credit

Xin LI - delphijfrontfree.net -
Karl Janmar -

Direct URL: http://osvdb.org/22730

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

FreeBSD Project

FreeBSD

References

Credit