FreeBSD syscons fails to properly validate input in "CONS_SCRSHOT" ioctl

2004-10-08T00:00:00
ID VU:969078
Type cert
Reporter CERT
Modified 2004-10-15T20:57:00

Description

Overview

The FreeBSD syscons CONS_SCRSHOT ioctl does not sufficiently validate input for the function's arguments. This may cause the disclosure of arbitrary portions of kernel memory that may contain sensitive information.

Description

Syscons is the default console driver for FreeBSD. It provides virtual terminal functionality using the machine's physical keyboard and screen. The syscons CONS_SCRSHOT ioctl fails to properly validate its input arguments. By supplying specially crafted arguments, an attacker may be able to retrieve arbitrary portions of kernel memory.


Impact

The returned portions of kernel memory may contain sensitive information, such as data from file cache or terminal buffers. For example, the terminal buffer may contain a user-supplied password.

Note that this vulnerability is exploitable only by a user who has access to the physical console or the /dev/ttyv devices.


Solution

Upgrade or Patch
Upgrade or apply a patch as specified in the FreeBSD-SA-04:15.syscons Security Advisory.


Vendor Information

Javascript is disabled. Click here to view vendors.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |

References

  • <http://secunia.com/advisories/12722/>
  • <http://www.securitytracker.com/alerts/2004/Oct/1011526.html>
  • <http://www.securityfocus.com/archive/1/377491>
  • <http://xforce.iss.net/xforce/xfdb/17584>
  • <ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:15.syscons.asc>

Acknowledgements

Thanks to Christer Oberg for reporting this vulnerability.

This document was written by Will Dormann and is based on the information provided in the FreeBSD Security Advisory.

Other Information

CVE IDs: | CVE-2004-0919
---|---
Severity Metric: | 7.78
Date Public: | 2004-10-04
Date First Published: | 2004-10-08
Date Last Updated: | 2004-10-15 20:57 UTC
Document Revision: | 7