Vulnerabilities > CVE-2002-0973 - Buffer Overflow vulnerability in FreeBSD System Call Signed Integer

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

freebsd

NVD

Published: 2002-09-24

Updated: 2016-10-18

Summary

Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 4.0 Freebsd Freebsd 4.1 Freebsd Freebsd 4.1.1 Freebsd Freebsd 4.2 Freebsd Freebsd 4.3 Freebsd Freebsd 4.4 Freebsd Freebsd 4.5 Freebsd Freebsd 4.6 Freebsd Freebsd 4.6.1	18

References

http://marc.info/?l=bugtraq&m=102976839728706&w=2
http://www.iss.net/security_center/static/9903.php
http://www.securityfocus.com/bid/5493