Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8612

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2014-8612
Last Modified 04 Feb 2015 12:09:22
Published 02 Feb 2015 11:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2014-8612

Summary

Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option.

Vulnerable Systems

Operating System

  • Freebsd 10.0

  • Freebsd 10.1

  • Freebsd 8.4

  • Freebsd 9.3


References

FREEBSD - FreeBSD-SA-15:02

SECTRACK - 1031648

BID - 72342

BUGTRAQ - 20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities

MISC - http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities


Last Updated: 27 May 2016 11:07:40