#VU30574 Information disclosure in FreeBSD
Vulnerability identifier: #VU30574
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
FreeBSD
Operating systems & Components /
Operating system
Vendor: FreeBSD Foundation
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
FreeBSD: 8.0 - 8.1
External links
http://access.redhat.com/security/cve/cve-2011-2480
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631160
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631161
http://security-tracker.debian.org/tracker/CVE-2011-2480
http://www.openwall.com/lists/oss-security/2011/06/20/15
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
