FreeBSD : FreeBSD -- ktrace kernel memory disclosure (6e04048b-6007-11e6-a6c3-14dae9d210b8)

low Nessus Plugin ID 92902

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Due to an overlooked merge to -STABLE branches, the size for page fault kernel trace entries was set incorrectly.

Impact: A user who can enable kernel process tracing could end up reading the contents of kernel memory.

Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?f8efe11c

Plugin Details

Severity: Low

ID: 92902

File Name: freebsd_pkg_6e04048b600711e6a6c314dae9d210b8.nasl

Version: 2.4

Type: local

Published: 8/12/2016

Updated: 1/4/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2016

Vulnerability Publication Date: 6/3/2014

Reference Information

CVE: CVE-2014-3873

BID: 67812

FreeBSD: SA-14:12.ktrace