CVE-2013-5666

Sažetak

The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file.

Reference

http://osvdb.org/97142
http://svnweb.freebsd.org/base?view=revision&revision=255442
http://www.freebsd.org/security/advisories/FreeBSD-SA-13%3a11.sendfile.asc
http://www.securitytracker.com/id/1029013

CVSS

Base:	4.7
Impact:	6.9
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

26-09-2013 - 03:53

Objavljeno

23-09-2013 - 20:55