Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

FreeBSD: syscons Boundary checking errors in syscons Print E-mail
User Rating:      How can I rate this item?
Posted by Team   
FreeBSD The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of its input arguments. In particular, negative coordinates or large coordinates may cause unexpected behavior.

FreeBSD-SA-04:15.syscons                                    Security Advisory
                                                          The FreeBSD Project

Topic:          Boundary checking errors in syscons

Category:       core
Module:         sys_dev_syscons
Announced:      2004-10-04
Credits:        Christer Oberg
Affects:        FreeBSD 5.x releases
Corrected:      2004-09-30 17:49:15 UTC (RELENG_5, 5.3-BETA6)
                2004-10-04 17:04:25 UTC (RELENG_5_2, 5.2.1-RELEASE-p11)
CVE Name:       CAN-2004-0919
FreeBSD only:   YES

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit>.

I.   Background

syscons(4) is the default console driver for FreeBSD.  Using the
physical keyboard and screen, it provides multiple virtual terminals
which appear as if they were separate terminals.  One virtual terminal
is considered current and exclusively occupies the screen and the
keyboard; the other virtual terminals are placed in the background.

II.  Problem Description

The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of
its input arguments.  In particular, negative coordinates or large
coordinates may cause unexpected behavior.

III. Impact

It may be possible to cause the CONS_SCRSHOT ioctl to return portions of
kernel memory.  Such memory might contain sensitive information, such as
portions of the file cache or terminal buffers.  This information might
be directly useful, or it might be leveraged to obtain elevated
privileges in some way.  For example, a terminal buffer might include a
user-entered password.

IV.  Workaround

There is no known workaround.  However, this bug is only exploitable
by users who have access to the physical console or can otherwise open
a /dev/ttyv* device node.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to the RELENG_5_2 security branch
dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 5.2

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch
# fetch

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in> and reboot the

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  src/sys/dev/syscons/syscons.c                                 1.409.2.1

VII. References>

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.