CVE-2014-3873

FreeBSD Security Advisory - ktrace Kernel Memory Disclosure

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace.

La utilidad ktrace en el kernel de FreeBSD 8.4 anterior a p11, 9.1 anterior a p14, 9.2 anterior a p7 y 9.3-BETA1 anterior a p1 utiliza un tamaño incorrecto de la entrada de la traza del error de página del kernel, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una traza del proceso del kernel.

Due to an overlooked merge to -STABLE branches, the size for page fault kernel trace entries was set incorrectly. A user who can enable kernel process tracing could end up reading the contents of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-05-27 CVE Reserved
2014-06-04 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (4)

URL	Tag	Source
http://secunia.com/advisories/58627	Third Party Advisory
http://www.securityfocus.com/bid/67812	Vdb Entry
http://www.securitytracker.com/id/1030325	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A12.ktrace.asc	2014-06-24

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				9.1 Search vendor "Freebsd" for product "Freebsd" and version "9.1"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				9.2 Search vendor "Freebsd" for product "Freebsd" and version "9.2"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3"		beta1		Affected