Vulnerability Note VU#969078

FreeBSD syscons fails to properly validate input in "CONS_SCRSHOT" ioctl

Overview

The FreeBSD syscons CONS_SCRSHOT ioctl does not sufficiently validate input for the function's arguments. This may cause the disclosure of arbitrary portions of kernel memory that may contain sensitive information.

I. Description

Syscons is the default console driver for FreeBSD. It provides virtual terminal functionality using the machine's physical keyboard and screen. The syscons CONS_SCRSHOT ioctl fails to properly validate its input arguments. By supplying specially crafted arguments, an attacker may be able to retrieve arbitrary portions of kernel memory.

II. Impact

The returned portions of kernel memory may contain sensitive information, such as data from file cache or terminal buffers. For example, the terminal buffer may contain a user-supplied password.

Note that this vulnerability is exploitable only by a user who has access to the physical console or the /dev/ttyv devices.

Upgrade or apply a patch as specified in the FreeBSD-SA-04:15.syscons Security Advisory.
References
Thanks to Christer Oberg for reporting this vulnerability. This document was written by Will Dormann and is based on the information provided in the FreeBSD Security Advisory.
If you have feedback, comments, or additional information about this vulnerability, please send us email.