Описание
The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:freebsd:freebsd:9.2:rc1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:9.2:rc2:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00068
Низкий
4.7 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
debian
больше 12 лет назад
The sendfile system-call implementation in sys/kern/uipc_syscalls.c in ...
github
больше 3 лет назад
The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file.
EPSS
Процентиль: 21%
0.00068
Низкий
4.7 Medium
CVSS2
Дефекты
CWE-200