CVE-2014-8612

Published: 02/02/2015 Updated: 09/10/2018
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 465
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option.

Vulnerable Product

freebsd freebsd 8.4

freebsd freebsd 9.3

freebsd freebsd 10.0

freebsd freebsd 10.1

Vendor Advisories

Debian Bug report logs - #776415 kfreebsd-10: CVE-2014-8612: SCTP kernel mem disclosure/corruption. Package: kfreebsd-10; Maintainer for kfreebsd-10 is GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>; Reported by: Steven Chamberlain <steven@pyro.eu.org>; Date: Tue, 27 Jan 2015 20:21:01 UTC; Severity: grave; Tags: ...
Debian Bug report logs - #776416 kfreebsd-10: CVE-2014-8613: SCTP stream reset vulnerability. Package: kfreebsd-10; Maintainer for kfreebsd-10 is GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>; Reported by: Steven Chamberlain <steven@pyro.eu.org>; Date: Tue, 27 Jan 2015 20:24:01 UTC; Severity: grave; Tags: patch, ...

Exploits

Core Security - Corelabs Advisory corelabs.coresecurity.com/ FreeBSD Kernel Multiple Vulnerabilities 1. *Advisory Information* Title: FreeBSD Kernel Multiple Vulnerabilities; Advisory ID: CORE-2015-0003; Advisory URL: www.coresecurity.com/content/freebsd-kernel-multiple-vulnerabilities; Date published: 2015-01-27; Date of last update ...
Core Security Technologies Advisory - Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the ...