Vulnerabilities > CVE-2006-0145 - Local Kernel Memory Disclosure vulnerability in Multiple Vendor KernFS LSEEK
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 9 |
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-001.txt.asc
- http://secunia.com/advisories/18388
- http://secunia.com/advisories/18712
- http://securityreason.com/securityalert/405
- http://www.osvdb.org/22293
- http://www.securityfocus.com/archive/1/423827/100/0/threaded
- http://www.securityfocus.com/bid/16173
- http://www.securitylab.net/research/2006/02/advisory_netbsd_openbsd_kernfs.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24035