The setlogin function in FreeBSD 8.4 up to and including 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freebsd freebsd 10.1 |
||
freebsd freebsd 10.0 |
||
freebsd freebsd 8.4 |
||
freebsd freebsd 9.0 |
||
freebsd freebsd 9.2 |
||
freebsd freebsd 9.1 |
||
freebsd freebsd 9.3 |