CVE-2009-1935 - OpenCVE

Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:6.3:::::::*
	cpe:2.3:o:freebsd:freebsd:6.3:release_p10::::::
	cpe:2.3:o:freebsd:freebsd:6.3_releng:::::::*
	cpe:2.3:o:freebsd:freebsd:6.4:::::::*
	cpe:2.3:o:freebsd:freebsd:6.4:release_p4::::::
	cpe:2.3:o:freebsd:freebsd:6.4:stable::::::
	cpe:2.3:o:freebsd:freebsd:7.1:::::::*
	cpe:2.3:o:freebsd:freebsd:7.1:pre-release::::::
	cpe:2.3:o:freebsd:freebsd:7.1:rc1::::::
	cpe:2.3:o:freebsd:freebsd:7.1:release-p1::::::
	cpe:2.3:o:freebsd:freebsd:7.1:release-p2::::::
	cpe:2.3:o:freebsd:freebsd:7.1:release-p5::::::
	cpe:2.3:o:freebsd:freebsd:7.1:stable::::::
	cpe:2.3:o:freebsd:freebsd:7.2:::::::*
	cpe:2.3:o:freebsd:freebsd:7.2:pre-release::::::

References

Link	Resource
http://osvdb.org/55044
http://secunia.com/advisories/35398	Vendor Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc	Patch Vendor Advisory
http://security.freebsd.org/patches/SA-09:09/pipe.patch	Exploit Vendor Advisory
http://www.securityfocus.com/bid/35279
http://www.securitytracker.com/id?1022365
https://exchange.xforce.ibmcloud.com/vulnerabilities/51109

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: freebsd

Published: 2009-06-18T18:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-06-05T00:00:00

Link: CVE-2009-1935

JSON object: View

NVD Information

Status : Modified

Published: 2009-06-18T18:30:00.407

Modified: 2017-08-17T01:30:34.740

Link: CVE-2009-1935

JSON object: View

Redhat Information

No data.

CWE

CWE-189

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"name": "freebsd-directpipe-info-disclosure(51109)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51109"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://security.freebsd.org/patches/SA-09:09/pipe.patch"}, {"name": "35279", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35279"}, {"name": "35398", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35398"}, {"name": "55044", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/55044"}, {"name": "1022365", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022365"}, {"name": "FreeBSD-SA-09:09", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2009-1935", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "freebsd-directpipe-info-disclosure(51109)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51109"}, {"name": "http://security.freebsd.org/patches/SA-09:09/pipe.patch", "refsource": "CONFIRM", "url": "http://security.freebsd.org/patches/SA-09:09/pipe.patch"}, {"name": "35279", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35279"}, {"name": "35398", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35398"}, {"name": "55044", "refsource": "OSVDB", "url": "http://osvdb.org/55044"}, {"name": "1022365", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022365"}, {"name": "FreeBSD-SA-09:09", "refsource": "FREEBSD", "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"}]}}}}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2009-1935", "datePublished": "2009-06-18T18:00:00", "dateReserved": "2009-06-05T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F702C46F-CA02-4FA2-B7D6-C61C2C095679", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.3:release_p10:*:*:*:*:*:*", "matchCriteriaId": "9A1D9D46-75E4-4742-9CF3-2B063B6B7504", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.3_releng:*:*:*:*:*:*:*", "matchCriteriaId": "72C2BE9D-91E1-48E9-9326-39CF583A57E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "A4F7F02A-C845-40BF-8490-510A070000F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.4:release_p4:*:*:*:*:*:*", "matchCriteriaId": "8E08DCB9-9064-4DB7-B43A-7B415882EB50", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.4:stable:*:*:*:*:*:*", "matchCriteriaId": "06FB0EEA-254E-4A1F-99E7-058FCD518E22", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "803EFA9F-B7CB-4511-B1C1-381170CA9A23", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:pre-release:*:*:*:*:*:*", "matchCriteriaId": "14D72C9B-EEB0-4605-BEA2-F77092129245", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "52DBF406-9C77-4DDA-AB7D-40FAE40023D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:release-p1:*:*:*:*:*:*", "matchCriteriaId": "20A31C9A-A928-4C9B-BB49-0E53227746DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:release-p2:*:*:*:*:*:*", "matchCriteriaId": "99FB7443-F942-402A-9104-64677EAF014E", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:release-p5:*:*:*:*:*:*", "matchCriteriaId": "C2A31704-E99F-4DBE-ABA4-EC3E566DE6CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:stable:*:*:*:*:*:*", "matchCriteriaId": "E9A75104-5A3E-485E-B4EC-0873C942731C", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "F948527C-A01E-4315-80B6-47FACE18A34F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.2:pre-release:*:*:*:*:*:*", "matchCriteriaId": "8B573401-DC6F-4AFE-92F5-D96F785D2107", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n pipe_build_write_buffer (sys/kern/sys_pipe.c) en la caracter\u00edstica de escritura directa en la implementaci\u00f3n del filtro en FreeBSD v7.1 hasta v7.2 y v6.3 hasta v6.4, permite a usuarios locales saltarse las b\u00fasquedas de direcciones virtual-to-physical, y leer informaci\u00f3n sensible en paginas de memoria a trav\u00e9s de vectores no espec\u00edficos."}], "id": "CVE-2009-1935", "lastModified": "2017-08-17T01:30:34.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-06-18T18:30:00.407", "references": [{"source": "secteam@freebsd.org", "url": "http://osvdb.org/55044"}, {"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35398"}, {"source": "secteam@freebsd.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"}, {"source": "secteam@freebsd.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://security.freebsd.org/patches/SA-09:09/pipe.patch"}, {"source": "secteam@freebsd.org", "url": "http://www.securityfocus.com/bid/35279"}, {"source": "secteam@freebsd.org", "url": "http://www.securitytracker.com/id?1022365"}, {"source": "secteam@freebsd.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51109"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}