FreeBSD : FreeBSD -- Kernel memory disclosure in sctp(4) (dd48d9b9-5e7e-11e6-a6c3-14dae9d210b8)

High Nessus Plugin ID 92833


The remote FreeBSD host is missing one or more security-related updates.


Problem Description :

When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized.

Impact :

Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are two separate instances in which a 4-byte fragment may be transmitted.

This memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include a user-entered password.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 92833

File Name: freebsd_pkg_dd48d9b95e7e11e6a6c314dae9d210b8.nasl

Version: $Revision: 2.2 $

Type: local

Published: 2016/08/10

Modified: 2017/08/14

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:FreeBSD-kernel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/08/09

Vulnerability Publication Date: 2013/08/22

Reference Information

CVE: CVE-2013-5209

BID: 61939

OSVDB: 96519

FreeBSD: SA-13:10.sctp