Lucene search
MitreCVE-2003-1289HistoryDec 17, 2005 - 9:00 p.m.
CVE-2003-1289
2005-12-1721:00:00
mitre
web.nvd.nist.gov
21
netbsd
freebsd
statfs
memory disclosure
ibcs2
cve-2003-1289
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0
Percentile
5.1%
The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.
Affected configurations
Node
freebsdfreebsdRange≤4.8release_p2
ORfreebsdfreebsdRange≤5.1release_p1
ORfreebsdfreebsdMatch4.0
ORfreebsdfreebsdMatch5.0
ORnetbsdnetbsdMatch1.5
ORnetbsdnetbsdMatch1.5.1
ORnetbsdnetbsdMatch1.5.2
ORnetbsdnetbsdMatch1.5.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| freebsd | freebsd | * | cpe:2.3:o:freebsd:freebsd:*:release_p2:*:*:*:*:*:* |
| freebsd | freebsd | * | cpe:2.3:o:freebsd:freebsd:*:release_p1:*:*:*:*:*:* |
| freebsd | freebsd | 4.0 | cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:* |
| freebsd | freebsd | 5.0 | cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:* |
| netbsd | netbsd | 1.5 | cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:* |
| netbsd | netbsd | 1.5.1 | cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:* |
| netbsd | netbsd | 1.5.2 | cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:* |
| netbsd | netbsd | 1.5.3 | cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:* |
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2003-1289