CVE-2006-0379 - FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available

CVE-2006-0379

Summary

FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory.

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc
http://secunia.com/advisories/18599
http://securitytracker.com/id?1015541
http://www.osvdb.org/22730
http://www.securityfocus.com/bid/16373
https://exchange.xforce.ibmcloud.com/vulnerabilities/24338

Vulnerable Configurations

cpe:2.3:o:freebsd:freebsd:5.4:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:5.4:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	16373
freebsd	FreeBSD-SA-06:06
osvdb	22730
sectrack	1015541
secunia	18599
xf	bsd-buffer-initialization-disclosure(24338)

Last major update

20-07-2017 - 01:29

Published

25-01-2006 - 22:03

Last modified

20-07-2017 - 01:29