Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0998

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2014-0998
Last Modified 13 Apr 2015 09:59:18
Published 02 Feb 2015 11:59:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2014-0998

Summary

Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access.

Vulnerable Systems

Operating System

  • Freebsd 10.1


References

BUGTRAQ - 20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities

MISC - http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities

FREEBSD - FreeBSD-EN-15:01


Last Updated: 27 May 2016 11:08:20