Lucene search

[email protected]NVD:CVE-2014-8476

HistoryNov 13, 2014 - 9:32 p.m.

CVE-2014-8476

2014-11-1321:32:07

CWE-200

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.

Affected configurations

NVD

Node

freebsdfreebsdMatch8.4

freebsdfreebsdMatch9.0

freebsdfreebsdMatch9.0beta1

freebsdfreebsdMatch9.0beta2

freebsdfreebsdMatch9.1

freebsdfreebsdMatch9.2

freebsdfreebsdMatch9.3

freebsdfreebsdMatch10.0

freebsdfreebsdMatch10.1

freebsdfreebsdMatch10.1rc1

freebsdfreebsdMatch10.1rc2

freebsdfreebsdMatch10.1rc3

freebsdfreebsdMatch10.1rc4

References

secunia.com/advisories/61118

secunia.com/advisories/62218

www.debian.org/security/2014/dsa-3070

www.freebsd.org/security/advisories/FreeBSD-SA-14%3A25.setlogin.asc

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2014-8476

securityvulns2 freebsd_advisory1 ubuntucve1 prion1 cve1 freebsd1 nessus2 debiancve1 cvelist1 debian1 osv1 openvas2