04-17-2005, 11:57 AM #1Problem Solver
- Join Date
- Mar 2003
- California USA
FreeBsd Security: Kernel memory disclosure in ifconf()
The SIOCGIFCONF ioctl allows a user process to ask the kernel to produce
a list of the existing network interfaces and copy it into a buffer
provided by the user process.
II. Problem Description
In generating the list of network interfaces, the kernel writes into a
portion of a buffer without first zeroing it. As a result, the prior
contents of the buffer will be disclosed to the calling process.
Up to 12 bytes of kernel memory may be disclosed to the user process.
Such memory might contain sensitive information, such as portions of
the file cache or terminal buffers. This information might be directly
useful, or it might be leveraged to obtain elevated privileges in some
way. For example, a terminal buffer might include a user-entered
password.Steven Ciaburri | Proactive Linux Server Management - Rack911.com
Managed Servers (AS62710), Server Management, and Security Auditing.
04-17-2005, 01:13 PM #2Web Hosting Master
- Join Date
- Jan 2001
FWIW, I think this is the least serious advisory we've issued in many years. It does, barely, meet our definition of a "security issue", but I can't think of any way to actually exploit this.Dr. Colin Percival, FreeBSD Security Officer
Online backups for the truly paranoid: http://www.tarsnap.com/