CVE-2006-0145 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-0145
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0145

Description: The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/24035 SREASON http://securityreason.com/securityalert/405 SAID Secunia Advisory: SA18388 Secunia Advisory: SA18712 OSVDB 22293 NETBSD MISC http://www.securitylab.net/research/2006/02/advisory_netbsd_openbsd_kernfs.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/423827/100/0/threaded BID 16173

Return to the previous page.