CVE-2009-1436

FreeBSD 6.3-7.2-PRERELEASE - Information Disclosure via Uninitialized Memory in db Interface

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1436. PoCs published by Jaakko Heinonen.

AI-analyzed exploit summary This exploit demonstrates a local information-disclosure vulnerability in FreeBSD's DB library by manipulating malloc options to initialize memory with a known pattern (0x5a), which can leak sensitive information.

Description

The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jaakko Heinonen · clocalfreebsd
https://www.exploit-db.com/exploits/32946

This exploit demonstrates a local information-disclosure vulnerability in FreeBSD's DB library by manipulating malloc options to initialize memory with a known pattern (0x5a), which can leak sensitive information.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: FreeBSD DB library (versions affected by CVE-2009-1436)
No auth needed
Prerequisites: Local access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34666
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/53918
Vendor Advisory vendor-advisory x_refsource_freebsd
http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34810
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022113

Scores

EPSS 0.0089
EPSS Percentile 54.6%

Details

CWE
CWE-20
Status published
Products (5)
freebsd/freebsd 6.3 (2 CPE variants)
freebsd/freebsd 6.4 (3 CPE variants)
freebsd/freebsd 7.0 (2 CPE variants)
freebsd/freebsd 7.1 (2 CPE variants)
freebsd/freebsd 7.2 pre-release
Published Apr 27, 2009
Tracked Since Feb 18, 2026