Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 3.6
CVE Id CVE-2004-1066
Last Modified 10 Sep 2008 03:28:55
Published 10 Jan 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1066

Summary

The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future.

Vulnerable Systems

Operating System

  • FreeBSD 4.0
  • FreeBSD 4.1
  • FreeBSD 4.1.1
  • FreeBSD 4.10
  • FreeBSD 4.2
  • FreeBSD 4.3
  • FreeBSD 4.4
  • FreeBSD 4.5
  • FreeBSD 4.6
  • FreeBSD 4.7
  • FreeBSD 4.8
  • FreeBSD 4.9
  • FreeBSD 5.0
  • FreeBSD 5.1
  • FreeBSD 5.2
  • FreeBSD 5.2.1
  • FreeBSD 5.3


References

XF - freebsd-profs-linprocfs-info-disclosure(18321)

FREEBSD - FreeBSD-SA-04:17


Last Updated: 27 May 2016 10:38:52