Results 1 to 2 of 2
  1. #1
    Join Date
    Mar 2003
    California USA

    FreeBsd Security: Kernel memory disclosure in ifconf()

    I. Background

    The SIOCGIFCONF ioctl allows a user process to ask the kernel to produce
    a list of the existing network interfaces and copy it into a buffer
    provided by the user process.

    II. Problem Description

    In generating the list of network interfaces, the kernel writes into a
    portion of a buffer without first zeroing it. As a result, the prior
    contents of the buffer will be disclosed to the calling process.

    III. Impact

    Up to 12 bytes of kernel memory may be disclosed to the user process.
    Such memory might contain sensitive information, such as portions of
    the file cache or terminal buffers. This information might be directly
    useful, or it might be leveraged to obtain elevated privileges in some
    way. For example, a terminal buffer might include a user-entered
    Steven Ciaburri | Proactive Linux Server Management -
    Managed Servers (AS62710), Server Management, and Security Auditing.

  2. #2
    FWIW, I think this is the least serious advisory we've issued in many years. It does, barely, meet our definition of a "security issue", but I can't think of any way to actually exploit this.
    Dr. Colin Percival, FreeBSD Security Officer
    Online backups for the truly paranoid:

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts