Computer Security
[EN] securityvulns.ru no-pyccku


FreeBSD information leakage
Published:10.11.2014
Source:
SecurityVulns ID:14079
Type:local
Threat Level:
5/10
Description:Kernel information disclosure in setlogin/getlogin calls.
Affected:FREEBSD : FreeBSD 8.4
 FREEBSD : FreeBSD 9.3
 FREEBSD : FreeBSD 10.1
CVE:CVE-2014-8476 (The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin (10.11.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod