FreeBSD KAME Project IPv6 setsockopt() Kernel Memory Disclosure

2004-03-29T00:00:00
ID OSVDB:5985
Type osvdb
Reporter Colin Percival, Katsuhisa ABE
Modified 2004-03-29T00:00:00

Description

Vulnerability Description

FreeBSD contains a flaw that may lead to unauthorized information disclosure. The issue lies in FreeBSD's implementation of the KAME Project IPv6 code: an input validation flaw in the "setsockopt()" system call, triggered when handling certain IPv6 socket options, discloses kernel memory, resulting in a loss of confidentiality. No further details are available.

Solution Description

Upgrade to the RELENG_5_2 security branch or higher, which has been reported to fix this vulnerability. FreeBSD has also released a patch.

References:

Vendor URL: http://www.freebsd.org
Vendor Specific Advisory URL
Secunia Advisory ID: 11233
Related OSVDB ID: 4668
CVE-2004-0370
Bugtraq ID: 9992