Vulnerability Name:

CVE-2002-1125 (CCN-10109)

Assigned:2002-09-16
Published:2002-09-16
Updated:2016-10-18
Summary:FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-02:39.libkvm
Applications using libkvm may leak sensitive descriptors

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-02:39

Source: CCN
Type: iDEFENSE Security Advisory 09.16.2002
FreeBSD Ports libkvm Security Vulnerabilities

Source: VULNWATCH
Type: UNKNOWN
20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities

Source: MITRE
Type: CNA
CVE-2002-1125

Source: BUGTRAQ
Type: UNKNOWN
20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities

Source: XF
Type: UNKNOWN
bsd-libkvm-descriptor-leak(10109)

Source: CCN
Type: OSVDB ID: 6097
FreeBSD libkvm Open File Descriptor Memory Read

Source: BID
Type: UNKNOWN
5714

Source: CCN
Type: BID-5714
BubbleMon Kernel Memory File Descriptor Leakage Vulnerability

Source: BID
Type: UNKNOWN
5716

Source: CCN
Type: BID-5716
ASCPU Kernel Memory File Descriptor Leakage Vulnerability

Source: BID
Type: UNKNOWN
5718

Source: CCN
Type: BID-5718
WMMon Memory Character File Open File Descriptor Read Vulnerability

Source: BID
Type: UNKNOWN
5719

Source: CCN
Type: BID-5719
WMNet2 Kernel Memory File Descriptor Leakage Vulnerability

Source: CCN
Type: BID-572
ToxSoft NextFTP Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
5720

Source: CCN
Type: BID-5720
ASMon Kernel Memory File Descriptor Leakage Vulnerability

Source: XF
Type: UNKNOWN
bsd-libkvm-descriptor-leak(10109)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:freebsd:freebsd:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.3:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.4:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.5:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.6:-:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:freebsd:freebsd:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.3:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.4:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.5:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.6:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.6.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:4.6.2:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    freebsd freebsd 4.2
    freebsd freebsd 4.3
    freebsd freebsd 4.4
    freebsd freebsd 4.5
    freebsd freebsd 4.6
    freebsd freebsd 4.0
    freebsd freebsd 4.1
    freebsd freebsd 4.2
    freebsd freebsd 4.3 -
    freebsd freebsd 4.4 -
    freebsd freebsd 4.5 -
    freebsd freebsd 4.6 -
    freebsd freebsd 4.6.1
    freebsd freebsd 4.6.2 -