CVE Vulnerabilities

CVE-2003-1289

Published: Dec 31, 2003 | Modified: Jul 20, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.

Affected Software

Name Vendor Start Version End Version
Freebsd Freebsd 4.0 4.0
Freebsd Freebsd * 4.8
Freebsd Freebsd 5.0 5.0
Freebsd Freebsd * 5.1
Netbsd Netbsd 1.5 1.5
Netbsd Netbsd 1.5.1 1.5.1
Netbsd Netbsd 1.5.2 1.5.2
Netbsd Netbsd 1.5.3 1.5.3

References