[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3014Date: (C)2010-08-20   (M)2023-12-22


The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 1.2
Exploit Score: 1.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/513151/100/0/threaded
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN
http://svn.freebsd.org/viewvc/base?view=revision&revision=210997
http://www.vsecurity.com/resources/advisory/20100816-1/

CPE    2
cpe:/o:freebsd:freebsd
cpe:/o:netbsd:netbsd
CWE    1
CWE-200

© SecPod Technologies