Design/Logic Flaw

2006-04-0310:04:00

PRIOn knowledge base

www.prio-n.com

AI Score

6.5

Confidence

Low

EPSS

Percentile

5.1%

JSON

The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.

References

ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc

secunia.com/advisories/19464

securitytracker.com/id?1015846

www.osvdb.org/24262

www.securityfocus.com/bid/17312

exchange.xforce.ibmcloud.com/vulnerabilities/25582