FreeBSD : FreeBSD -- Kernel data leak via ptrace(PT_LWPINFO) (34a3f9b5-dab3-11e7-b5af-a4badb2f4699)

low Nessus Plugin ID 105064

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Not all information in struct ptrace_lwpinfo is relevant to the state of every thread, and the kernel does not fill the irrelevant bytes or short strings. Because the structure the kernel fills is allocated on the kernel stack and then copied to userspace, the debugger can obtain leaked contents of the thread's kernel stack.

Impact: Some bytes from the kernel stack of the thread using the ptrace(PT_LWPINFO) call can be observed in userspace.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?92307b9e

Plugin Details

Severity: Low

ID: 105064

File Name: freebsd_pkg_34a3f9b5dab311e7b5afa4badb2f4699.nasl

Version: 3.5

Type: local

Published: 12/7/2017

Updated: 1/4/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Patch Publication Date: 12/6/2017

Vulnerability Publication Date: 11/15/2017

Reference Information

CVE: CVE-2017-1086

FreeBSD: SA-17:08.ptrace