Description
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| kfreebsd-11 | fixed | 11.0~svn284956-1 | experimental | package |
| kfreebsd-10 | fixed | 10.1~svn274115-1 | | package |
| kfreebsd-9 | removed | | | package |
| kfreebsd-8 | removed | | | package |
| kfreebsd-8 | no-dsa | | wheezy | package |
| kfreebsd-8 | end-of-life | | squeeze | package |
Notes
http://security.FreeBSD.org/advisories/FreeBSD-SA-14:25.setlogin.asc