CVE-2014-8476

Published: 13/11/2014 Updated: 14/11/2014
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The setlogin function in FreeBSD 8.4 up to and including 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.

Vulnerable Product

freebsd freebsd 10.1

freebsd freebsd 10.0

freebsd freebsd 8.4

freebsd freebsd 9.0

freebsd freebsd 9.2

freebsd freebsd 9.1

freebsd freebsd 9.3

Vendor Advisories

Debian Bug report logs - #766275
kfreebsd-9: CVE-2014-3711: memory leak in sandboxed namei lookup
Package: src:kfreebsd-9; Maintainer for src:kfreebsd-9 is (unknown)
Reported by: Steven Chamberlain <steven@pyroeuorg>
Date: Tue, 21 Oct 2014 21:33:01 UTC
Severity: important
Tags: patch, security, upstream
Found in versio ...

Debian Bug report logs - #768104
kfreebsd-9: CVE-2014-8476: getlogin kernel memory disclosure
Package: src:kfreebsd-9; Maintainer for src:kfreebsd-9 is (unknown)
Reported by: Steven Chamberlain <steven@pyroeuorg>
Date: Wed, 5 Nov 2014 01:09:01 UTC
Severity: grave
Tags: patch, security, upstream, wheezy
Found in versio ...

Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure.
CVE-2014-3711: Denial of service through memory leak in sandboxed namei lookups
CVE-2014-3952: Kernel memory disclosure in sockbuf control messages
CVE-2014-3953: Kernel memory disclosure in SCTP
This updat ...