Vulnerability Details CVE-2006-0145
The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.0%
CVSS Severity
CVSS v2 Score 4.6
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-001.txt.asc
- http://secunia.com/advisories/18388
- http://secunia.com/advisories/18712
- http://securityreason.com/securityalert/405
- http://www.osvdb.org/22293
- http://www.securityfocus.com/archive/1/423827/100/0/threaded
- http://www.securityfocus.com/bid/16173
- http://www.securitylab.net/research/2006/02/advisory_netbsd_openbsd_kernfs.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24035
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-001.txt.asc
- http://secunia.com/advisories/18388
- http://secunia.com/advisories/18712
- http://securityreason.com/securityalert/405
- http://www.osvdb.org/22293
- http://www.securityfocus.com/archive/1/423827/100/0/threaded
- http://www.securityfocus.com/bid/16173
- http://www.securitylab.net/research/2006/02/advisory_netbsd_openbsd_kernfs.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24035
Products affected by CVE-2006-0145
-
cpe:2.3:o:netbsd:netbsd:1.6
-
cpe:2.3:o:netbsd:netbsd:1.6.1
-
cpe:2.3:o:netbsd:netbsd:1.6.2
-
cpe:2.3:o:netbsd:netbsd:2.0
-
cpe:2.3:o:netbsd:netbsd:2.0.1
-
cpe:2.3:o:netbsd:netbsd:2.0.2
-
cpe:2.3:o:netbsd:netbsd:2.0.3
-
cpe:2.3:o:netbsd:netbsd:2.1