5 matches found
FreeBSD : FreeBSD -- Kernel memory disclosure in control messages and SCTP (7240de58-6007-11e6-a6c3-14dae9d210b8)
Buffer between control message header and data may not be completely initialized before being copied to userland. CVE-2014-3952 Three SCTP cmsgs, SCTPSNDRCV, SCTPEXTRCV and SCTPRCVINFO, have implicit padding that may not be completely initialized before being copied to userland. In addition, thre...
Debian DSA-3070-1 : kfreebsd-9 - security update
Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure. - CVE-2014-3711 Denial of service through memory leak in sandboxed namei lookups. - CVE-2014-3952 Kernel memory disclosure in sockbuf control messages. - CVE-2014-395...
CVE-2014-3952
CVE-2014-3952 is a local kernel memory disclosure in FreeBSD-related kernels. The vulnerability stems from improper initialization of the buffer between the control message header and data for sockbuf control messages, allowing an unprivileged local process to read kernel memory. Affected: FreeBS...
FreeBSD-SA-14:17.kmem
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:17.kmem Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in control messages and SCTP notifications Category: core Module: kern, sctp...
FreeBSD -- Kernel memory disclosure in control messages and SCTP
Problem Description: Buffer between control message header and data may not be completely initialized before being copied to userland. CVE-2014-3952 Three SCTP cmsgs, SCTPSNDRCV, SCTPEXTRCV and SCTPRCVINFO, have implicit padding that may not be completely initialized before being copied to...