fkie_nvd - fkie_cve-2005-1400

fkie_cve-2005-1400

Vulnerability from fkie_nvd

Published

2005-05-06 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values.

References

	URL	Tags
	cve@mitre.org	ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
freebsd	freebsd	4.7
freebsd	freebsd	4.8
freebsd	freebsd	4.9
freebsd	freebsd	4.10
freebsd	freebsd	4.11
freebsd	freebsd	5.1
freebsd	freebsd	5.2
freebsd	freebsd	5.3
freebsd	freebsd	5.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B86C77AB-B8FF-4376-9B4E-C88417396F3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FFD9D1C-A459-47AD-BC62-15631417A32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "582B9BF3-5BF1-44A3-A580-62F2D44FDD34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A80E6A-6502-4A33-83BA-7DCC606D79AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD85B1ED-1473-4C22-9E1E-53F07CF517E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values."
    }
  ],
  "id": "CVE-2005-1400",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-06T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2005-1400 (GCVE-0-2005-1400)

Vulnerability from cvelistv5

Published

2005-05-06 04:00

Modified

2024-09-16 18:33

Severity ?

CWE

Summary

The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values.

References

URL

Tags

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc

vendor-advisory, x_refsource_FREEBSD