FreeBSD syscons fails to properly validate input in "CONS_SCRSHOT" ioctl

ID VU:969078
Type cert
Reporter CERT
Modified 2004-10-15T20:57:00



The FreeBSD syscons CONS_SCRSHOT ioctl does not sufficiently validate input for the function's arguments. This may cause the disclosure of arbitrary portions of kernel memory that may contain sensitive information.


Syscons is the default console driver for FreeBSD. It provides virtual terminal functionality using the machine's physical keyboard and screen. The syscons CONS_SCRSHOT ioctl fails to properly validate its input arguments. By supplying specially crafted arguments, an attacker may be able to retrieve arbitrary portions of kernel memory.


The returned portions of kernel memory may contain sensitive information, such as data from file cache or terminal buffers. For example, the terminal buffer may contain a user-supplied password.

Note that this vulnerability is exploitable only by a user who has access to the physical console or the /dev/ttyv devices.


Upgrade or Patch
Upgrade or apply a patch as specified in the FreeBSD-SA-04:15.syscons Security Advisory.

Vendor Information

Javascript is disabled. Click here to view vendors.

CVSS Metrics

Group | Score | Vector
Base | |
Temporal | |
Environmental | |


  • <>
  • <>
  • <>
  • <>
  • <>


Thanks to Christer Oberg for reporting this vulnerability.

This document was written by Will Dormann and is based on the information provided in the FreeBSD Security Advisory.

Other Information

CVE IDs: | CVE-2004-0919
Severity Metric: | 7.78
Date Public: | 2004-10-04
Date First Published: | 2004-10-08
Date Last Updated: | 2004-10-15 20:57 UTC
Document Revision: | 7