CVE-2009-1436
FreeBSD - Improper Input Validation
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jaakko Heinonen · c · local · freebsd
https://www.exploit-db.com/exploits/32946
References (6)
Scores
EPSS: 0.0028
EPSS Percentile: 51.1%
Details
CWE: CWE-20
Status: published
Products (5)
freebsd/freebsd 6.3 (2 CPE variants)
freebsd/freebsd 6.4 (3 CPE variants)
freebsd/freebsd 7.0 (2 CPE variants)
freebsd/freebsd 7.1 (2 CPE variants)
freebsd/freebsd 7.2 pre-release
Published: Apr 27, 2009
Tracked Since: Feb 18, 2026