FreeBSD Buffer Length Logic Error Arbitrary Kernel Memory Disclosure

2006-01-25T00:00:00
ID OSVDB:22731
Type osvdb
Reporter Karl Janmar(), Xin LI(delphij@frontfree.net)
Modified 2006-01-25T00:00:00

Description

Vulnerability Description

FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a logic error in computing a buffer length may allow too much data to be copied into userland, which may disclose portions of kernel memory resulting in a loss of confidentiality.

Solution Description

Upgrade to version 5-STABLE or 6-STABLE, or to the RELENG_6_0 security branch dated after the correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch for some older versions.

Short Description

FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a logic error in computing a buffer length may allow too much data to be copied into userland, which may disclose portions of kernel memory resulting in a loss of confidentiality.

References:

Vendor URL: http://www.freebsd.org/ Vendor Specific Solution URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem.patch Vendor Specific Solution URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem.patch.asc Vendor Specific Solution URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem60.patch Vendor Specific Solution URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem60.patch.asc Security Tracker: 1015541 Secunia Advisory ID:18599 Related OSVDB ID: 22730 Other Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0405.html Keyword: FreeBSD-SA-06:06.kmem CVE-2006-0380 Bugtraq ID: 16373