Information Disclosure Vulnerability in sendfile System-Call Implementation in FreeBSD 9.2-RC1 and 9.2-RC2

Information Disclosure Vulnerability in sendfile System-Call Implementation in FreeBSD 9.2-RC1 and 9.2-RC2

CVE-2013-5666 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:N/A:N

The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file.

Learn more about our User Device Pen Test.