5 matches found
CVE-2014-8476
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer...
CVE-2014-8476
Summary: CVE-2014-8476 affects the FreeBSD kernel setlogin/getlogin path where the login-name buffer is not initialized, causing a potential kernel memory disclosure via getlogin. Affected: FreeBSD 8.4 through 10.1-RC4. Impact: local information disclosure; in practice, up to 16 bytes (FreeBSD 8)...
Debian DSA-3070-1 : kfreebsd-9 - security update
Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure. - CVE-2014-3711 Denial of service through memory leak in sandboxed namei lookups. - CVE-2014-3952 Kernel memory disclosure in sockbuf control messages. - CVE-2014-395...
FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:25.setlogin Security Advisory The FreeBSD Project Topic: Kernel stack disclosure in setlogin2 / getlogin2 Category: core Module: kernel Announced: 2014-11-04...
FreeBSD-SA-14:25.setlogin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:25.setlogin Security Advisory The FreeBSD Project Topic: Kernel stack disclosure in setlogin2 / getlogin2 Category: core Module: kernel Announced: 2014-11-04...