Vigil@nce - FreeBSD: information disclosure via SCTP
July 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can read a memory fragment via the SCTP
implementation of FreeBSD, in order to obtain sensitive information.
Impacted products: FreeBSD
Severity: 1/4
Creation date: 09/07/2014
DESCRIPTION OF THE VULNERABILITY
The SCTP protocol is used to transport several message streams,
multiplexed over one connection.
However, several functions implementing SCTP do not initialize a
memory area before returning it to the user.
A local attacker can therefore read a memory fragment via the SCTP
implementation of FreeBSD, in order to obtain sensitive information.
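The flaw class described above (a memory area returned to the user without being initialized), shown as an added example that is not taken from the bulletin or from FreeBSD code. It is a userland simulation: the reply structure, the field values and the 0xA5 stale marker are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical reply layout for illustration; not a FreeBSD structure. */
struct reply {
    uint8_t  state;     /* compilers usually insert 3 padding bytes here */
    uint32_t assoc_id;
    uint16_t streams;   /* and 2 trailing padding bytes here */
};
#define STALE 0xA5      /* constructed marker standing in for leftover data */

/* Write only the named fields, leaving every other byte untouched. */
static void fill_fields(unsigned char *buf)
{
    uint8_t state = 1; uint32_t id = 42; uint16_t streams = 10;
    memcpy(buf + offsetof(struct reply, state), &state, sizeof state);
    memcpy(buf + offsetof(struct reply, assoc_id), &id, sizeof id);
    memcpy(buf + offsetof(struct reply, streams), &streams, sizeof streams);
}

/* Build a reply in a reused buffer; zero_first=0 is the flaw, 1 is the fix. */
size_t build_reply(unsigned char *out, int zero_first)
{
    unsigned char scratch[sizeof(struct reply)];
    memset(scratch, STALE, sizeof scratch);  /* simulate previous contents */
    if (zero_first)
        memset(scratch, 0, sizeof scratch);  /* initialize before filling */
    fill_fields(scratch);
    memcpy(out, scratch, sizeof scratch);    /* stands in for the copy to user space */
    return sizeof scratch;
}

/* Count bytes in a reply that still carry the stale marker. */
size_t count_stale(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] == STALE);
    return n;
}

int main(void)
{
    unsigned char out[sizeof(struct reply)];
    printf("unzeroed: %zu stale bytes\n", count_stale(out, build_reply(out, 0)));
    printf("zeroed:   %zu stale bytes\n", count_stale(out, build_reply(out, 1)));
    return 0;
}
```

Every field is set in both cases; the bytes that leak are the padding the compiler inserts between and after the fields, which is why the whole buffer is zeroed before it is filled.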
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FreeBSD-information-disclosure-via-SCTP-15014