CVE-2006-6013

Severity

21%

Complexity

39%

Confidentiality

48%

Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.

Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).

Overview

First reported 18 years ago

2006-11-21 23:07:00

Last updated 6 years ago

2018-10-17 21:46:00

Affected Software

FreeBSD 5.5

5.5

NetBSD 2.0.4

2.0.4

References

20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c

[tech-security] 20061116 Re: [Full-disclosure] NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure

[tech-security] 20061214 NetBSD Security Note 20061214-1: Kernel memory leakage in firewire interface

22917

Vendor Advisory

FreeBSD-SA-06:25

1017344

http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c

http://www.kernelhacking.com/bsdadv1.txt

Vendor Advisory

20061115 FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure

20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure

20061115 DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure

20061115 TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure

20061116 Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure

20061120 RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure

20061121 Clarifying integer overflows vs. signedness errors

20061122 Re: Clarifying integer overflows vs. signedness errors

21089

freebsd-fwdev-integer-overflow(30347)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.