Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2006-0145 | First vendor Publication | 2006-01-09 |
| Vendor | Cve | Last vendor Modification | 2018-10-19 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.6 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0145 |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 22293 | Multiple BSD kernfs lseek(2) Function Arbitrary Memory Disclosure NetBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the lseek system call for the kernfs file system has insufficient bounds checking, which will disclose arbitrary memory information resulting in a loss of confidentiality. |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:03:37 |
|
| 2021-04-22 01:04:06 |
|
| 2020-05-23 00:17:18 |
|
| 2018-10-19 21:19:44 |
|
| 2017-07-20 09:23:17 |
|
| 2016-06-28 15:34:02 |
|
| 2016-04-26 14:12:12 |
|
| 2013-05-11 10:46:40 |
|
