FreeBSD -- Kernel memory disclosure in sctp(4)
When initializing the SCTP state cookie being sent in INIT-ACK chunks,
a buffer allocated from the kernel stack is not completely initialized.
Fragments of kernel memory may be included in SCTP packets and
transmitted over the network. For each SCTP session, there are two
separate instances in which a 4-byte fragment may be transmitted.
This memory might contain sensitive information, such as portions of the
file cache or terminal buffers. This information might be directly
useful, or it might be leveraged to obtain elevated privileges in
some way. For example, a terminal buffer might include a user-entered
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright