Vigil@nce: FreeBSD, information disclosure via db
April 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can read a db database in order to obtain
memory fragments from the process of the user who created the
database.
Severity: 1/4
Consequences: data reading
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 22/04/2009
IMPACTED PRODUCTS
– FreeBSD
DESCRIPTION OF THE VULNERABILITY
The FreeBSD libc implements the db format, which is used to create
and read a database.
However, the memory area containing data is not initialized before
being filled and stored in the db file. A fragment of the memory
of the user’s process is thus saved in the db file.
A local attacker allowed to read the database can therefore read
memory fragments coming from the database creator.
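The flaw described above, reduced to a simplified model as an added example (not FreeBSD libc code and not taken from the advisory): a page buffer that still holds earlier process data is partly filled with a record, and the slack after the record is what would reach the db file. The page size, the function names and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 64            /* constructed size; real db pages are larger */

/* Constructed stand-in for data the process handled earlier. */
static const char STALE[] = "constructed-secret-left-in-process-memory";
static const char RECORD[] = "key=value";

/* Put one record into a page buffer. With zero_first == 0 the bytes after
 * the record keep the buffer's previous content (the flaw described above);
 * with zero_first == 1 the whole page is cleared before it is filled. */
static void build_page(unsigned char *page, const char *rec, size_t len,
                       int zero_first)
{
    if (zero_first)
        memset(page, 0, PAGE_SIZE);
    memcpy(page, rec, len);
}

/* Audit helper: count non-zero bytes in the slack space after the record. */
static size_t slack_residue(const unsigned char *page, size_t len)
{
    size_t n = 0;
    for (size_t i = len; i < PAGE_SIZE; i++)
        n += (page[i] != 0);
    return n;
}

/* Reuse a buffer that still holds STALE as the page buffer, build the page
 * that would be written to the file, and return the residue found in it. */
static size_t residue_after_build(int zero_first)
{
    unsigned char page[PAGE_SIZE];
    size_t rec_len = sizeof RECORD - 1;

    memset(page, 0, sizeof page);
    memcpy(page + 16, STALE, sizeof STALE - 1);   /* leftover from earlier use */
    build_page(page, RECORD, rec_len, zero_first);
    return slack_residue(page, rec_len);
}

int main(void)
{
    printf("uninitialized page: %zu stale bytes\n", residue_after_build(0));
    printf("zeroed page:        %zu stale bytes\n", residue_after_build(1));
    return 0;
}
```

Clearing the page before it is filled leaves nothing in the slack for a reader of the file to recover.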
CHARACTERISTICS
Identifiers: BID-34666, FreeBSD-SA-09:07.libc, VIGILANCE-VUL-8661
http://vigilance.fr/vulnerability/FreeBSD-information-disclosure-via-db-8661