SB2014061012 - Input validation error in FreeBSD
Published: June 10, 2014 Updated: August 10, 2020
Security Bulletin ID
SB2014061012
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2014-3873)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace.
Remediation
Install update from vendor's website.