CVE-2014-8476
Published: 13 November 2014
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.
Priority
Status
Package | Release | Status |
---|---|---|
kfreebsd-8 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(8.4-RELEASE-p19)
|
|
utopic |
Does not exist
|
|
Patches: upstream: http://security.FreeBSD.org/patches/SA-14:25/setlogin.patch |