FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

setsockopt(2) IPv6 sockets input validation error

Affected systems
5.2 <= FreeBSD < 5.2.1_4

Details

VuXML ID 2c6acefd-8194-11d8-9645-0020ed76ef5a
Discovery 2004-03-29
Entry 2004-03-29
Modified 2004-05-05

From the FreeBSD Security Advisory:

A programming error in the handling of some IPv6 socket options within the setsockopt(2) system call may result in memory locations being accessed without proper validation.

It may be possible for a local attacker to read portions of kernel memory, resulting in disclosure of sensitive information. A local attacker can cause a system panic.

References

CVE Name CVE-2004-0370
FreeBSD Advisory SA-04:06.ipv6