FreeBSD : FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2) (74389f22-6007-11e6-a6c3-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

When setlogin(2) is called while setting up a new login session, the
login name is copied into an uninitialized stack buffer, which is then
copied into a buffer of the same size in the session structure. The
getlogin(2) system call returns the entire buffer rather than just the
portion occupied by the login name associated with the session.

Impact: An unprivileged user can access this memory by calling
getlogin(2) and reading beyond the terminating NUL character of the
resulting string. Up to 16 (FreeBSD 8) or 32 (FreeBSD 9 and 10) bytes
of kernel memory may be leaked in this manner for each invocation of
setlogin(2).

This memory may contain sensitive information, such as portions of the
file cache or terminal buffers, which an attacker might leverage to
obtain elevated privileges.
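The copy pattern described above, modelled in user space next to two general hardenings (clear the temporary buffer; return only the string). This is an added example, not FreeBSD kernel code or the FreeBSD patch; `NAME_BUF`, `STALE`, `struct session` and all function names are hypothetical, and the stale stack bytes are simulated with a fill value so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 33   /* hypothetical buffer size for this model */
#define STALE 0x41    /* constructed stand-in for leftover stack bytes */
struct session { char login[NAME_BUF]; };   /* hypothetical session record */

/* Store a login name. fixed=0 keeps the flawed pattern, fixed=1 clears first. */
static int set_login(struct session *s, const char *name, int fixed)
{
    char tmp[NAME_BUF];
    size_t n = strlen(name) + 1;
    if (n > sizeof(tmp)) return -1;
    /* STALE models uninitialized stack contents; hardening 1 zeroes instead */
    memset(tmp, fixed ? 0 : STALE, sizeof(tmp));
    memcpy(tmp, name, n);                 /* only name + NUL are written */
    memcpy(s->login, tmp, sizeof(tmp));   /* whole buffer lands in the session */
    return 0;
}

/* Return the name. fixed=0 hands back the whole buffer, fixed=1 only the string. */
static size_t get_login(const struct session *s, char *out, int fixed)
{
    size_t n = sizeof(s->login);
    if (fixed) {                          /* hardening 2: stop at the NUL */
        const char *nul = memchr(s->login, '\0', sizeof(s->login));
        if (nul) n = (size_t)(nul - s->login) + 1;
    }
    memcpy(out, s->login, n);
    return n;
}

/* Count non-zero bytes the caller can see after the terminating NUL. */
size_t leaked_bytes(const char *name, int fixed_set, int fixed_get)
{
    struct session s;
    char out[NAME_BUF] = {0};
    size_t i, leaked = 0;
    if (set_login(&s, name, fixed_set) != 0) return 0;
    get_login(&s, out, fixed_get);
    for (i = strlen(out) + 1; i < sizeof(out); i++) leaked += (out[i] != 0);
    return leaked;
}

int main(void)
{
    printf("flawed=%zu zeroed=%zu string-only=%zu\n", leaked_bytes("alice", 0, 0),
           leaked_bytes("alice", 1, 0), leaked_bytes("alice", 0, 1));
    return 0;
}
```

Either hardening alone removes the exposure in this model; applying both means a later change to one side does not reintroduce it.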

See also :

http://www.nessus.org/u?8dac2fe7

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92912

Bugtraq ID: 70912

CVE ID: CVE-2014-8476
