FreeBSD : FreeBSD -- ktrace kernel memory disclosure (6e04048b-6007-11e6-a6c3-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Due to an overlooked merge to -STABLE branches, the size for page
fault kernel trace entries was set incorrectly. Impact : A user who
can enable kernel process tracing could end up reading the contents of
kernel memory.

Such memory might contain sensitive information, such as portions of
the file cache or terminal buffers. This information might be directly
useful, or it might be leveraged to obtain elevated privileges in some
way; for example, a terminal buffer might include a user-entered
password.

See also :

http://www.nessus.org/u?f637ab75

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92902 ()

Bugtraq ID: 67812

CVE ID: CVE-2014-3873

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now