FreeBSD Security Advisory (FreeBSD-SA-05:04.ifconf.asc) Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:04.ifconf.asc

Solution

Upgrade your system to the appropriate stable release or security branch dated after the correction date https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-05:04.ifconf.asc

Insight

The SIOCGIFCONF ioctl allows a user process to ask the kernel to produce a list of the existing network interfaces and copy it into a buffer provided by the user process. In generating the list of network interfaces, the kernel writes into a portion of a buffer without first zeroing it. As a result, the prior contents of the buffer will be disclosed to the calling process.

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

FreeBSD Ports: bugzilla
FreeBSD Ports: apache
FreeBSD Ports: asterisk18
FreeBSD Ports: bzip2
FreeBSD Ports: bacula

Take action and discover your vulnerabilities