Vulnerability Name: CVE-2006-6013 (CCN-30347)
Assigned: 2006-11-15
Published: 2006-11-15
Updated: 2018-10-17
Summary: Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. Note: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.
CVSS v3 Severity:
    4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity:
    2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
    1.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
    1.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
    Source: FULLDISC Type: UNKNOWN 20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure
    Source: MITRE Type: CNA CVE-2006-6013
    Source: CONFIRM Type: UNKNOWN http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c
    Source: MLIST Type: UNKNOWN [tech-security] 20061116 Re: [Full-disclosure] NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure
    Source: MLIST Type: UNKNOWN [tech-security] 20061214 NetBSD Security Note 20061214-1: Kernel memory leakage in firewire interface
    Source: CCN Type: MidnightBSD Web site MidnightBSD Project
    Source: CCN Type: SA22917 FreeBSD "fw_ioctl()" Integer Overflow Vulnerability
    Source: SECUNIA Type: Vendor Advisory 22917
    Source: CCN Type: FreeBSD-SA-06:25.kmem Kernel memory disclosure in firewire(4)
    Source: FREEBSD Type: UNKNOWN FreeBSD-SA-06:25
    Source: CCN Type: SECTRACK ID: 1017344 BSD FireWire Driver fw_ioctl() Integer Signedness Error Lets Local Users Read Kernel Memory
    Source: SECTRACK Type: UNKNOWN 1017344
    Source: MISC Type: UNKNOWN http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c
    Source: CCN Type: BSDaemon Advisory 15/11/2006 FreeBSD/NetBSD/TrustedBSD*/DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure
    Source: MISC Type: Vendor Advisory http://www.kernelhacking.com/bsdadv1.txt
    Source: CCN Type: OSVDB ID: 30291 Multiple BSD FireWire fwdev.c fw_ioctl() Function Local Overflow
    Source: BUGTRAQ Type: UNKNOWN 20061115 FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure
    Source: BUGTRAQ Type: UNKNOWN 20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure
    Source: BUGTRAQ Type: UNKNOWN 20061115 DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure
    Source: BUGTRAQ Type: UNKNOWN 20061115 TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure
    Source: BUGTRAQ Type: UNKNOWN 20061116 Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure
    Source: BUGTRAQ Type: UNKNOWN 20061120 RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure
    Source: BUGTRAQ Type: UNKNOWN 20061121 Clarifying integer overflows vs. signedness errors
    Source: BUGTRAQ Type: UNKNOWN 20061122 Re: Clarifying integer overflows vs. signedness errors
    Source: BID Type: UNKNOWN 21089
    Source: CCN Type: BID-21089 Multiple BSD Vendor FireWire IOCTL Local Integer Overflow Vulnerability
    Source: CCN Type: TrustedBSD Web site TrustedBSD - Home
    Source: XF Type: UNKNOWN bsd-fwdev-integer-overflow(30347)
    Source: XF Type: UNKNOWN freebsd-fwdev-integer-overflow(30347)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable