diff options
| author | Remko Lodder <remko@FreeBSD.org> | 2007-02-27 19:46:18 +0000 |
|---|---|---|
| committer | Remko Lodder <remko@FreeBSD.org> | 2007-02-27 19:46:18 +0000 |
| commit | d820a7b9a4f8307bbcf8c930f33db563d0ca59c4 (patch) | |
| tree | 1638c4473dfe1cf3283b06047bd2456aecfe4fa9 /security/vuxml/vuln.xml | |
| parent | ec9c55f34b00ca163e92c0303eb81f2c0acb5bc3 (diff) | |
| download | ports-d820a7b9a4f8307bbcf8c930f33db563d0ca59c4.tar.gz ports-d820a7b9a4f8307bbcf8c930f33db563d0ca59c4.zip | |
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
| -rw-r--r-- | security/vuxml/vuln.xml | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8311511272d4..1940bd901f59 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,53 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="5c554c0f-c69a-11db-9f82-000e0c2e438a"> + <topic>FreeBSD -- Kernel memory disclosure in firewire(4)</topic> + <affects> + <system> + <name>FreeBSD</name> + <range><gt>6.1</gt><lt>6.1_11</lt></range> + <range><gt>6.0</gt><lt>6.2_16</lt></range> + <range><gt>5.5</gt><lt>5.5_9</lt></range> + <range><gt>4.11</gt><lt>4.11_26</lt></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>In the FW_GCROM ioctl, a signed integer comparison is used + instead of an unsigned integer comparison when computing the + length of a buffer to be copied from the kernel into the + calling application.</p> + <h1>Impact:</h1> + <p>A user in the "operator" group can read the contents of + kernel memory. Such memory might contain sensitive + information, such as portions of the file cache or terminal + buffers. This information might be directly useful, or it + might be leveraged to obtain elevated privileges in some way; + for example, a terminal buffer might include a user-entered + password.</p> + <h1>Workaround:</h1> + <p>No workaround is available, but systems without IEEE 1394 + ("FireWire") interfaces are not vulnerable. (Note that + systems with IEEE 1394 interfaces are affected regardless of + whether any devices are attached.)</p> + <p>Note also that FreeBSD does not have any non-root users in + the "operator" group by default; systems on which no users + have been added to this group are therefore also not + vulnerable.</p> + </body> + </description> + <references> + <cvename>CVE-2006-6013</cvename> + <freebsdsa>SA-06:25.kmem</freebsdsa> + </references> + <dates> + <discovery>2006-12-06</discovery> + <entry>2007-02-27</entry> + </dates> + </vuln> + <vuln vid="792bc222-c5d7-11db-9f82-000e0c2e438a"> <topic>libarchive -- Infinite loop in corrupt archives handling in libarchive</topic> <affects> |