Design/Logic Flaw

2006-04-0310:04:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.

CPENameOperatorVersion
netbsdeq1.6
netbsdeq2.1
netbsdeq2.0.2
netbsdeq1.6.1
netbsdeq2.0.3
netbsdeq1.6.2
netbsdeq1.6 beta
netbsdeq2.0.1
netbsdeq3.0
netbsdeq2.0

Name	Operator	Version
netbsd	eq	1.6
netbsd	eq	2.1
netbsd	eq	2.0.2
netbsd	eq	1.6.1
netbsd	eq	2.0.3
netbsd	eq	1.6.2
netbsd	eq	1.6 beta
netbsd	eq	2.0.1
netbsd	eq	3.0
netbsd	eq	2.0

References

ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc

secunia.com/advisories/19464

securitytracker.com/id?1015846

www.osvdb.org/24262

www.securityfocus.com/bid/17312

exchange.xforce.ibmcloud.com/vulnerabilities/25582