Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-6013

Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.

See the

CVE page on Mitre.org for more details.

References

FULLDISC: 20061115 NetBSD all ve...
MLIST: [tech-security] 200611...
MISC: http://www.dragonflybs...
MISC: http://www.kernelhacki...
CONFIRM: http://cvsweb.netbsd.o...
BID: 21089
SECUNIA: 22917
FREEBSD: FreeBSD-SA-06:25
SECTRACK: 1017344
MLIST: [tech-security] 200612...
XF: freebsd-fwdev-integer-...
BUGTRAQ: 20061115 DragonFlyBSD ...
BUGTRAQ: 20061115 FreeBSD all v...
BUGTRAQ: 20061115 NetBSD all ve...
BUGTRAQ: 20061115 TrustedBSD* a...
BUGTRAQ: 20061116 Re: FreeBSD a...
BUGTRAQ: 20061120 RE: FreeBSD a...
BUGTRAQ: 20061121 Clarifying in...
BUGTRAQ: 20061122 Re: Clarifyin...

Launchpad.net

CVE 2006-6013

Related bugs

References