CVE-2006-1588

The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc	Vendor Advisory
http://www.securityfocus.com/bid/17312	Patch Vendor Advisory
http://securitytracker.com/id?1015846	Patch
http://secunia.com/advisories/19464	Vendor Advisory
http://www.osvdb.org/24262
https://exchange.xforce.ibmcloud.com/vulnerabilities/25582

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:netbsd:netbsd:1.6:::::::*
	cpe:2.3:o:netbsd:netbsd:2.1:::::::*
	cpe:2.3:o:netbsd:netbsd:3.0:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.1:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.2:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.3:::::::*
	cpe:2.3:o:netbsd:netbsd:1.6.1:::::::*
	cpe:2.3:o:netbsd:netbsd:1.6.2:::::::*
	cpe:2.3:o:netbsd:netbsd:1.6:beta::::::

Information

Published : 2006-04-03 03:04

Updated : 2017-07-19 18:30

NVD link : CVE-2006-1588

Mitre link : CVE-2006-1588

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

netbsd

netbsd

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc", "name": "NetBSD-SA2006-005", "tags": ["Vendor Advisory"], "refsource": "NETBSD"}, {"url": "http://www.securityfocus.com/bid/17312", "name": "17312", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1015846", "name": "1015846", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/19464", "name": "19464", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/24262", "name": "24262", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25582", "name": "bsd-ifbridge-information-disclosure(25582)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1588", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-04-03T10:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:30Z"}