CVE-2013-5666
N/A
N/A
Summary
The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.freebsd.org/security/advisories/FreeBSD-SA-13%3a11.sendfile.asc
- http://osvdb.org/97142
- http://www.securitytracker.com/id/1029013
- http://svnweb.freebsd.org/base?view=revision&revision=255442
References
- http://www.freebsd.org/security/advisories/FreeBSD-SA-13%3a11.sendfile.asc
- http://osvdb.org/97142
- http://www.securitytracker.com/id/1029013
- http://svnweb.freebsd.org/base?view=revision&revision=255442
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.