Lucene search

PRIOn knowledge basePRION:CVE-2014-3953

HistoryJul 15, 2014 - 2:55 p.m.

Privilege escalation

2014-07-1514:55:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

5.4%

JSON

FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.

CPENameOperatorVersion
freebsdeq10.0
freebsdeq9.1
freebsdeq9.2
freebsdeq8.4

Name	Operator	Version
freebsd	eq	10.0
freebsd	eq	9.1
freebsd	eq	9.2
freebsd	eq	8.4

References

secunia.com/advisories/62218

www.debian.org/security/2014/dsa-3070

www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc

www.securitytracker.com/id/1030539

6 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2014-3953