Vigil@nce - FreeBSD: information disclosure via ktrace
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the ktrace() function of FreeBSD, in order to
obtain sensitive information.
Impacted products: FreeBSD
Severity: 1/4
Creation date: 04/06/2014
DESCRIPTION OF THE VULNERABILITY
The ktrace() function is used to trace events, in order for
example to debug a program.
However, the sys/kern/kern_ktrace.c file does not initialize the
last field of the data_lengths array, which contains KTR_FAULTEND
(end of page fault). When a page error occurs, the ktrace()
function can then return too many data.
An attacker can therefore use the ktrace() function of FreeBSD, in
order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FreeBSD-information-disclosure-via-ktrace-14839