CVE-2014-8476

Affected configuration(s):

cpe:/o:freebsd:freebsd:8.4
cpe:/o:freebsd:freebsd:9.0
cpe:/o:freebsd:freebsd:9.0:beta1
cpe:/o:freebsd:freebsd:9.0:beta2
cpe:/o:freebsd:freebsd:9.1
cpe:/o:freebsd:freebsd:9.2
cpe:/o:freebsd:freebsd:9.3
cpe:/o:freebsd:freebsd:10.0
cpe:/o:freebsd:freebsd:10.1
cpe:/o:freebsd:freebsd:10.1:rc1
cpe:/o:freebsd:freebsd:10.1:rc2
cpe:/o:freebsd:freebsd:10.1:rc3
cpe:/o:freebsd:freebsd:10.1:rc4

Date published: 2014-11-13T16:32:07.703-05:00

Date last modified: 2014-11-14T10:01:54.237-05:00

CVSS Score: 2.1

Principal attack vector: LOCAL

Complexity: LOW

Reference URL: http://www.debian.org/security/2014/dsa-3070

Summary: The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.
