Overview
The FreeBSD syscons CONS_SCRSHOT ioctl does not sufficiently validate its input arguments. This may allow the disclosure of arbitrary portions of kernel memory that may contain sensitive information.
Description
Syscons is the default console driver for FreeBSD. It provides virtual terminal functionality using the machine's physical keyboard and screen. The syscons CONS_SCRSHOT ioctl fails to properly validate its input arguments. By supplying specially crafted arguments, an attacker may be able to retrieve arbitrary portions of kernel memory.
Impact
The returned portions of kernel memory may contain sensitive information, such as data from file cache or terminal buffers. For example, the terminal buffer may contain a user-supplied password. Note that this vulnerability is exploitable only by a user who has access to the physical console or the /dev/ttyv devices.
Solution
Upgrade or Patch
Acknowledgements
Thanks to Christer Oberg for reporting this vulnerability.
This document was written by Will Dormann and is based on the information provided in the FreeBSD Security Advisory.
Other Information
CVE IDs: CVE-2004-0919
Severity Metric: 7.78
Date Public: 2004-10-04
Date First Published: 2004-10-08
Date Last Updated: 2004-10-15 20:57 UTC
Document Revision: 7