Bugraq ID: 35279
CNCAN ID:CNCAN-2009061101
FreeBSD是一款开放源代码的BSD操作系统。
FreeBSD "direct pipe writes"实现存在一个整数溢出错误,本地攻击者可以利用漏洞获得部分进程的内存信息,导致敏感信息泄漏。
"direct pipe writes"实现存在的缺陷可导致虚拟到物理地址查询被遗漏,可导致未授权读取其他进程的内存分页信息,使得敏感信息泄漏。
FreeBSD FreeBSD 7.2-STABLE
FreeBSD FreeBSD 7.2-RELEASE-p1
FreeBSD FreeBSD 7.1-RELEASE-p6
FreeBSD FreeBSD 6.4-RELEASE-p5
FreeBSD FreeBSD 6.4 -STABLE
FreeBSD FreeBSD 6.3-RELEASE-p11
可参考如下补丁:
FreeBSD FreeBSD 6.3-RELEASE-p11
FreeBSD pipe.patch
<a href="http://security.FreeBSD.org/patches/SA-09:09/pipe.patch" target="_blank" rel=external nofollow>http://security.FreeBSD.org/patches/SA-09:09/pipe.patch</a>
FreeBSD FreeBSD 7.2-RELEASE-p1
FreeBSD pipe.patch
<a href="http://security.FreeBSD.org/patches/SA-09:09/pipe.patch" target="_blank" rel=external nofollow>http://security.FreeBSD.org/patches/SA-09:09/pipe.patch</a>
FreeBSD FreeBSD 6.4-RELEASE-p5
FreeBSD pipe.patch
<a href="http://security.FreeBSD.org/patches/SA-09:09/pipe.patch" target="_blank" rel=external nofollow>http://security.FreeBSD.org/patches/SA-09:09/pipe.patch</a>
FreeBSD FreeBSD 7.1-RELEASE-p6
FreeBSD pipe.patch
<a href="http://security.FreeBSD.org/patches/SA-09:09/pipe.patch" target="_blank" rel=external nofollow>http://security.FreeBSD.org/patches/SA-09:09/pipe.patch</a>
京公网安备 11010502034610号
暂无评论