CVE-2014-8476

Published Nov 13, 2014

Last updated 10 years ago

CVSS info 2.1

Overview

Description: The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DB4C0E8-8E50-44B1-BE0C-4C261D9E9730"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6BD5BFF-260A-4A9E-B0AA-C8B8386B154E"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:9.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFBAF8FD-8266-46F4-836D-B0A24ECC817D"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:9.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D96D084-E1BC-437D-ACEB-B545078B8549"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D78E559A-430D-4D50-8A83-58A37D393471"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C560926-7789-4052-819D-C36C43C9C61E"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57052F01-8695-4C63-A947-7671375B9312"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA79CE41-D873-4A4A-A20C-83EB8772E5FA"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6D63B21-9D2E-4B15-9E60-6181D44B1F55"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:10.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BDEF786-0D79-4B1E-BBB8-0FC5B258F03C"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:10.1:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93A7E512-EB2B-46CC-BB53-82B6C7166D53"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:10.1:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F2EFCA1-F4AE-4EC8-841D-DF841BF73609"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:10.1:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B86D174A-E65A-4358-992F-0155FAC36D8F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References