FreeBSD : FreeBSD -- Kernel stack disclosure in 4.3BSD compatibility layer (7cad4795-600a-11e6-a6c3-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The implementation of the historic stat(2) system call does not clear
the output struct before copying it out to userland.

Impact : An unprivileged user can read a portion of uninitialised
kernel stack data, which may contain sensitive information, such as
the stack guard, portions of the file cache or terminal buffers, which
an attacker might leverage to obtain elevated privileges.
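
The coding pattern behind this class of bug, as an added example that is not the FreeBSD kernel code and not part of the plugin: a userland C simulation in which `struct old_stat`, the `STALE` marker and every function name are hypothetical. It builds a record in memory that still holds leftover bytes, copies the whole struct out, and counts how many leftover bytes reach the caller with and without clearing the struct first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker standing in for leftover stack data */

/* Hypothetical legacy-format record; NOT the real FreeBSD structure. */
struct old_stat {
    uint16_t dev;      /* compilers typically insert padding after this field */
    uint32_t ino;
    uint32_t size;
    uint32_t spare[2]; /* reserved; the converter never assigns it */
};

/* Before: assigns only the known fields; spare[] and any padding keep
 * whatever bytes were already in that memory. */
static void convert_unsafe(struct old_stat *out, uint32_t ino, uint32_t size) {
    out->dev = 1;
    out->ino = ino;
    out->size = size;
}

/* After: clear the whole object first, then fill in the fields. */
static void convert_safe(struct old_stat *out, uint32_t ino, uint32_t size) {
    memset(out, 0, sizeof(*out));
    convert_unsafe(out, ino, size);
}

/* Simulates the syscall path: build the record in "dirty" memory, copy all
 * of it to the caller, and return how many stale bytes the caller received. */
static size_t stale_bytes_copied_out(int use_safe) {
    struct old_stat kbuf;
    unsigned char user[sizeof(kbuf)];
    size_t i, n = 0;

    memset(&kbuf, STALE, sizeof(kbuf)); /* residue from an earlier call */
    if (use_safe) convert_safe(&kbuf, 42, 4096);
    else          convert_unsafe(&kbuf, 42, 4096);
    memcpy(user, &kbuf, sizeof(kbuf));  /* stands in for copyout() */
    for (i = 0; i < sizeof(user); i++) n += (user[i] == STALE);
    return n;
}

int main(void) {
    printf("stale bytes without clearing: %zu\n", stale_bytes_copied_out(0));
    printf("stale bytes with clearing:    %zu\n", stale_bytes_copied_out(1));
    return 0;
}
```

The same check applies when reviewing any kernel or driver code that copies a whole struct to userland: confirm the object is zeroed before its fields are assigned.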

See also :

http://www.nessus.org/u?7ca401dd

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92926

Bugtraq ID:

CVE ID:
