Vulnerability Details CVE-2005-1406
The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.6%
CVSS Severity
CVSS v2 Score 4.6
References
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc
- http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html
- http://secunia.com/advisories/17368
- http://www.securityfocus.com/bid/13526
- http://www.securityfocus.com/bid/15252
- http://www.vupen.com/english/advisories/2005/2256
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc
- http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html
- http://secunia.com/advisories/17368
- http://www.securityfocus.com/bid/13526
- http://www.securityfocus.com/bid/15252
- http://www.vupen.com/english/advisories/2005/2256
Products affected by CVE-2005-1406
-
cpe:2.3:o:freebsd:freebsd:4.1
-
cpe:2.3:o:freebsd:freebsd:4.10
-
cpe:2.3:o:freebsd:freebsd:4.11
-
cpe:2.3:o:freebsd:freebsd:4.2
-
cpe:2.3:o:freebsd:freebsd:4.3
-
cpe:2.3:o:freebsd:freebsd:4.4
-
cpe:2.3:o:freebsd:freebsd:4.5
-
cpe:2.3:o:freebsd:freebsd:4.6
-
cpe:2.3:o:freebsd:freebsd:4.7
-
cpe:2.3:o:freebsd:freebsd:4.8
-
cpe:2.3:o:freebsd:freebsd:4.9
-
cpe:2.3:o:freebsd:freebsd:5.1
-
cpe:2.3:o:freebsd:freebsd:5.2
-
cpe:2.3:o:freebsd:freebsd:5.3
-
cpe:2.3:o:freebsd:freebsd:5.4