The FreeBSD syscons CONS_SCRSHOT ioctl does not sufficiently validate input for the function's arguments. This may cause the disclosure of arbitrary portions of kernel memory that may contain sensitive information.
Syscons is the default console driver for FreeBSD. It provides virtual terminal functionality using the machine's physical keyboard and screen. The syscons CONS_SCRSHOT ioctl fails to properly validate its input arguments. By supplying specially crafted arguments, an attacker may be able to retrieve arbitrary portions of kernel memory.
The returned portions of kernel memory may contain sensitive information, such as data from file cache or terminal buffers. For example, the terminal buffer may contain a user-supplied password.
Note that this vulnerability is exploitable only by a user who has access to the physical console or the /dev/ttyv devices.
Upgrade or Patch
Thanks to Christer Oberg for reporting this vulnerability.
This document was written by Will Dormann and is based on the information provided in the FreeBSD Security Advisory.
|Date First Published:||2004-10-08|
|Date Last Updated:||2004-10-15 20:57 UTC|