Main Vulnerability Database Vulnerabilities #VU41478

Buffer overflow in FreeBSD - CVE-2014-3952

Published: July 15, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41478

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-3952

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: FreeBSD Foundation

Affected software:
FreeBSD

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.

How to mitigate CVE-2014-3952

Install update from vendor's website.

Sources

http://secunia.com/advisories/62218
http://www.debian.org/security/2014/dsa-3070
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc
http://www.securityfocus.com/bid/68466
http://www.securitytracker.com/id/1030539
https://exchange.xforce.ibmcloud.com/vulnerabilities/94448

Buffer overflow in FreeBSD - CVE-2014-3952

Detailed vulnerability description

How to mitigate CVE-2014-3952

Sources

Please verify you're human