CVE-2014-3953

EUVD-2014-3886
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
8.4
freebsdfreebsd
9.1
freebsdfreebsd
9.2
freebsdfreebsd
10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/62218
http://www.debian.org/security/2014/dsa-3070
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc
http://www.securitytracker.com/id/1030539
http://secunia.com/advisories/62218
http://www.debian.org/security/2014/dsa-3070
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc
http://www.securitytracker.com/id/1030539