FreeBSD syscons Input Validation Flaw May Disclose Kernel Memory to Local Users
|
|
SecurityTracker Alert ID: 1011526 |
|
SecurityTracker URL: http://securitytracker.com/id/1011526
|
|
CVE Reference:
CAN-2004-0919
(Links to External Site)
|
Date: Oct 4 2004
|
Impact:
Disclosure of authentication information, Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): FreeBSD 5.x
|
Description:
A vulnerability was reported in FreeBSD in syscons. A local user may be able to view portions of kernel memory.
The vendor reported that the syscons CONS_SCRSHOT ioctl(2) does not properly validate user-supplied inputs. A local user can supply specially crafted inputs, such as negative coordinates or large coordinates to trigger the flaw.
A local user on the physical console or a user with privileges to open a /dev/ttyv* device node can exploit the flaw.
Christer Oberg is credited with reporting this vulnerability.
|
Impact:
A local user may be able to view portions of kernel memory.
|
Solution:
The vendor has issued a fix, available via CVS:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/dev/syscons/syscons.c#rev1.429
|
Vendor URL: www.freebsd.org/ (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 4 Oct 2004 14:44:49 -0400
Subject: [none]
|
CVE: CAN-2004-0919
A vulnerability was reported in FreeBSD in syscons. The syscons CONS_SCRSHOT ioctl(2)
does not properly validate user-supplied inputs. A local user can supply specially
crafted inputs, such as negative coordinates or large coordinates to trigger the flaw.
A local user on the physical console or a user with privileges to open a /dev/ttyv*
device node can exploit the flaw.
Christer Oberg is credited with reporting this vulnerability.
A fix is available via CVS:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/dev/syscons/syscons.c#rev1.429
|
|
