Vulnerability-Lookup

CNVD-2017-37249

Vulnerability from cnvd - Published: 2017-12-15

Title

FreeBSD信息泄露漏洞（CNVD-2017-37249）

Description

FreeBSD是一种类UNIX操作系统，是由经过BSD、386BSD和4.4BSD发展而来的Unix的一个重要分支。 FreeBSD存在信息泄露漏洞。该漏洞产生的原因是ptrace(2)系统调用未能正确初始化ptrace_lwpinfo结构。本地用户可通过运行特制应用程序利用该漏洞从目标系统的内核内存获取可能敏感的信息。

Severity

低

Patch Name

FreeBSD信息泄露漏洞（CNVD-2017-37249）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc

Reference

https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc

Impacted products

Name
FreeBSD FreeBSD

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101861"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1086"
    }
  },
  "description": "FreeBSD\u662f\u4e00\u79cd\u7c7bUNIX\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662f\u7531\u7ecf\u8fc7BSD\u3001386BSD\u548c4.4BSD\u53d1\u5c55\u800c\u6765\u7684Unix\u7684\u4e00\u4e2a\u91cd\u8981\u5206\u652f\u3002\r\n\r\nFreeBSD\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662fptrace(2)\u7cfb\u7edf\u8c03\u7528\u672a\u80fd\u6b63\u786e\u521d\u59cb\u5316ptrace_lwpinfo\u7ed3\u6784\u3002\u672c\u5730\u7528\u6237\u53ef\u901a\u8fc7\u8fd0\u884c\u7279\u5236\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u76ee\u6807\u7cfb\u7edf\u7684\u5185\u6838\u5185\u5b58\u83b7\u53d6\u53ef\u80fd\u654f\u611f\u7684\u4fe1\u606f\u3002",
  "discovererName": "John Baldwin",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-37249",
  "openTime": "2017-12-15",
  "patchDescription": "FreeBSD\u662f\u4e00\u79cd\u7c7bUNIX\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662f\u7531\u7ecf\u8fc7BSD\u3001386BSD\u548c4.4BSD\u53d1\u5c55\u800c\u6765\u7684Unix\u7684\u4e00\u4e2a\u91cd\u8981\u5206\u652f\u3002\r\n\r\nFreeBSD\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662fptrace(2)\u7cfb\u7edf\u8c03\u7528\u672a\u80fd\u6b63\u786e\u521d\u59cb\u5316ptrace_lwpinfo\u7ed3\u6784\u3002\u672c\u5730\u7528\u6237\u53ef\u901a\u8fc7\u8fd0\u884c\u7279\u5236\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u76ee\u6807\u7cfb\u7edf\u7684\u5185\u6838\u5185\u5b58\u83b7\u53d6\u53ef\u80fd\u654f\u611f\u7684\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "FreeBSD\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-37249\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "FreeBSD FreeBSD"
  },
  "referenceLink": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc",
  "serverity": "\u4f4e",
  "submitTime": "2017-11-17",
  "title": "FreeBSD\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-37249\uff09"
}

CVE-2017-1086 (GCVE-0-2017-1086)

Vulnerability from cvelistv5 – Published: 2017-11-16 20:00 – Updated: 2024-09-16 23:25

Summary

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace.

Severity

No CVSS data available.

CWE

Kernel Information Leak

Assigner

freebsd

References

3 references

URL	Tags
http://www.securitytracker.com/id/1039809	vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101861	vdb-entryx_refsource_BID
https://www.freebsd.org/security/advisories/FreeB…	vendor-advisoryx_refsource_FREEBSD

Impacted products

1 product

Vendor	Product	Version
FreeBSD	FreeBSD	Affected: All supported versions of FreeBSD

Date Public

2017-11-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039809",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039809"
          },
          {
            "name": "101861",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101861"
          },
          {
            "name": "FreeBSD-SA-17:08",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "status": "affected",
              "version": "All supported versions of FreeBSD"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Kernel Information Leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T10:57:01.000Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "name": "1039809",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039809"
        },
        {
          "name": "101861",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101861"
        },
        {
          "name": "FreeBSD-SA-17:08",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secteam@freebsd.org",
          "DATE_PUBLIC": "2017-11-15T00:00:00",
          "ID": "CVE-2017-1086",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FreeBSD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All supported versions of FreeBSD"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FreeBSD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Kernel Information Leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039809",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039809"
            },
            {
              "name": "101861",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101861"
            },
            {
              "name": "FreeBSD-SA-17:08",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2017-1086",
    "datePublished": "2017-11-16T20:00:00.000Z",
    "dateReserved": "2016-11-30T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:25:39.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-37249

CVE-2017-1086 (GCVE-0-2017-1086)

Tags

Sightings

Nomenclature