← voltar
CVE-2013-5666

CVE-2013-5666

EPSS 0.3%
The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://osvdb.org/97142http://svnweb.freebsd.org/base?view=revision&revision=255442http://www.freebsd.org/security/advisories/FreeBSD-SA-13%3a11.sendfile.aschttp://www.securitytracker.com/id/1029013