Test Kennung:	1.3.6.1.4.1.25623.1.0.57681
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Security Advisory (FreeBSD-SA-06:25.kmem.asc)
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-06:25.kmem.asc
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:25.kmem.asc Vulnerability Insight: The firewire(4) driver provides support for IEEE 1394 (FireWire) interfaces. This driver provides some of its functionality via the ioctl(2) system call. In the FW_GCROM ioctl, a signed integer comparison is used instead of an unsigned integer comparison when computing the length of a buffer to be copied from the kernel into the calling application. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6013 BugTraq ID: 21089 http://www.securityfocus.com/bid/21089 Bugtraq: 20061115 DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure (Google Search) http://www.securityfocus.com/archive/1/451677/100/0/threaded Bugtraq: 20061115 FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure (Google Search) http://www.securityfocus.com/archive/1/451629/100/0/threaded Bugtraq: 20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure (Google Search) http://www.securityfocus.com/archive/1/451637/100/0/threaded Bugtraq: 20061115 TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure (Google Search) http://www.securityfocus.com/archive/1/451698/100/0/threaded Bugtraq: 20061116 Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure (Google Search) http://www.securityfocus.com/archive/1/451861/100/0/threaded Bugtraq: 20061120 RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure (Google Search) http://www.securityfocus.com/archive/1/452124/100/0/threaded Bugtraq: 20061121 Clarifying integer overflows vs. signedness errors (Google Search) http://www.securityfocus.com/archive/1/452264/100/0/threaded Bugtraq: 20061122 Re: Clarifying integer overflows vs. signedness errors (Google Search) http://www.securityfocus.com/archive/1/452331/100/0/threaded FreeBSD Security Advisory: FreeBSD-SA-06:25 http://security.freebsd.org/advisories/FreeBSD-SA-06:25.kmem.asc http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0261.html http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c http://www.kernelhacking.com/bsdadv1.txt http://mail-index.netbsd.org/tech-security/2006/11/16/0001.html http://mail-index.netbsd.org/tech-security/2006/12/14/0002.html http://securitytracker.com/id?1017344 http://secunia.com/advisories/22917 XForce ISS Database: freebsd-fwdev-integer-overflow(30347) https://exchange.xforce.ibmcloud.com/vulnerabilities/30347
Copyright	Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.