Vulnerabilities > CVE-2005-1036 - Missing Initialization of Resource vulnerability in Freebsd

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

freebsd

CWE-909

NVD

Published: 2005-05-02

Updated: 2024-02-08

Summary

FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 5.0 Freebsd Freebsd 5.1 Freebsd Freebsd 5.2 Freebsd Freebsd 5.2.1 Freebsd Freebsd 5.3 Freebsd Freebsd 5.4	109
Hardware	Amd AMD Amd64 -	1

Common Weakness Enumeration (CWE)

CWE-909 - Missing Initialization of Resource

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc