FrSIRT Advisory : FrSIRT/ADV-2005-0357 CVE Reference : GENERIC-MAP-NOMATCH Rated as : Low Remotely Exploitable : No Locally Exploitable : Yes Release Date : 2005-04-16
* Technical Description / Exploit * A new vulnerability was identified in FreeBSD, which may be exploited by local attackers to disclose sensitive information. The flaw resides in the "SIOCGIFCONF" ioctl, and occurs when generating the list of network interfaces without zeroing the buffer, which may cause up to 12 bytes of kernel memory to be disclosed to the user process. * Affected Products * FreeBSD 4.x FreeBSD 5.x * Solution * FreeBSD 4.x : ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf4.patch FreeBSD 5.x : ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf5.patch * References * http://www.frsirt.com/english/advisories/2005/0357 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc * Credits * Vulnerability reported by the vendor * ChangeLog * 2005-04-16 : Original Advisory --------------------------------------------------------------------- Cikmak icin, e-mail: [EMAIL PROTECTED] Liste arsivi: http://lists.enderunix.org Turkiye'nin ilk FreeBSD kitabi: http://www.acikakademi.com/freebsd.php
