ID de Prueba:	1.3.6.1.4.1.25623.1.0.57681
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Security Advisory (FreeBSD-SA-06:25.kmem.asc)
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-06:25.kmem.asc
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:25.kmem.asc Vulnerability Insight: The firewire(4) driver provides support for IEEE 1394 (FireWire) interfaces. This driver provides some of its functionality via the ioctl(2) system call. In the FW_GCROM ioctl, a signed integer comparison is used instead of an unsigned integer comparison when computing the length of a buffer to be copied from the kernel into the calling application. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6013 BugTraq ID: 21089 http://www.securityfocus.com/bid/21089 Bugtraq: 20061115 DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure (Google Search) http://www.securityfocus.com/archive/1/451677/100/0/threaded Bugtraq: 20061115 FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure (Google Search) http://www.securityfocus.com/archive/1/451629/100/0/threaded Bugtraq: 20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure (Google Search) http://www.securityfocus.com/archive/1/451637/100/0/threaded Bugtraq: 20061115 TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure (Google Search) http://www.securityfocus.com/archive/1/451698/100/0/threaded Bugtraq: 20061116 Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure (Google Search) http://www.securityfocus.com/archive/1/451861/100/0/threaded Bugtraq: 20061120 RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure (Google Search) http://www.securityfocus.com/archive/1/452124/100/0/threaded Bugtraq: 20061121 Clarifying integer overflows vs. signedness errors (Google Search) http://www.securityfocus.com/archive/1/452264/100/0/threaded Bugtraq: 20061122 Re: Clarifying integer overflows vs. signedness errors (Google Search) http://www.securityfocus.com/archive/1/452331/100/0/threaded FreeBSD Security Advisory: FreeBSD-SA-06:25 http://security.freebsd.org/advisories/FreeBSD-SA-06:25.kmem.asc http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0261.html http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c http://www.kernelhacking.com/bsdadv1.txt http://mail-index.netbsd.org/tech-security/2006/11/16/0001.html http://mail-index.netbsd.org/tech-security/2006/12/14/0002.html http://securitytracker.com/id?1017344 http://secunia.com/advisories/22917 XForce ISS Database: freebsd-fwdev-integer-overflow(30347) https://exchange.xforce.ibmcloud.com/vulnerabilities/30347
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.