Vulnerabilities > CVE-2003-1289 - Local Security vulnerability in BSD IBCS2

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

freebsd

netbsd

NVD

Published: 2003-12-31

Updated: 2017-07-20

Summary

The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 4.0 Freebsd Freebsd * Freebsd Freebsd 5.0	4
OS	Netbsd Netbsd Netbsd 1.5 Netbsd Netbsd 1.5.1 Netbsd Netbsd 1.5.2 Netbsd Netbsd 1.5.3	4

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc
http://secunia.com/advisories/9504
http://securitytracker.com/id?1007460
http://www.osvdb.org/2406
https://exchange.xforce.ibmcloud.com/vulnerabilities/12892