FreeBSD : FreeBSD -- Kernel memory disclosure in sctp(4) (dd48d9b9-5e7e-11e6-a6c3-14dae9d210b8)

high Nessus Plugin ID 92833

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Problem Description:

When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized.

Impact:

Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are two separate instances in which a 4-byte fragment may be transmitted.

This memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include a user-entered password.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?26f02ff8

Plugin Details

Severity: High

ID: 92833

File Name: freebsd_pkg_dd48d9b95e7e11e6a6c314dae9d210b8.nasl

Version: 2.6

Type: local

Published: 8/10/2016

Updated: 1/4/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/9/2016

Vulnerability Publication Date: 8/22/2013

Reference Information

CVE: CVE-2013-5209

BID: 61939

FreeBSD: SA-13:10.sctp