| Vulnerability Name: | CVE-2006-1588 (CCN-25582) | ||||||||
| Assigned: | 2006-03-29 | ||||||||
| Published: | 2006-03-29 | ||||||||
| Updated: | 2017-07-20 | ||||||||
| Summary: | The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: NETBSD Type: Vendor Advisory NetBSD-SA2006-005 Source: CCN Type: NetBSD Security Advisory 2006-005 bridge memory disclosure Source: MITRE Type: CNA CVE-2006-1588 Source: CCN Type: SA19464 NetBSD if_bridge Kernel Memory Disclosure Vulnerability Source: SECUNIA Type: Vendor Advisory 19464 Source: CCN Type: SECTRACK ID: 1015846 NetBSD if_bridge() May Disclose Portions of Kernel Memory to Local Users Source: SECTRACK Type: Patch 1015846 Source: OSVDB Type: UNKNOWN 24262 Source: CCN Type: OSVDB ID: 24262 NetBSD if_bridge(4) Function Arbitrary Kernel Memory Disclosure Source: BID Type: Patch, Vendor Advisory 17312 Source: CCN Type: BID-17312 NetBSD If_Bridge(4) Kernel Memory Disclosure Vulnerability Source: XF Type: UNKNOWN bsd-ifbridge-information-disclosure(25582) Source: XF Type: UNKNOWN bsd-ifbridge-information-disclosure(25582) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||