CVE-2009-1935

FreeBSD 6.3-6.4 and 7.1-7.2 - Information Disclosure via Pipe Direct Write Optimization

Title source: llm
STIX 2.1

Description

Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51109
Exploit, Vendor Advisory x_refsource_confirm
http://security.freebsd.org/patches/SA-09:09/pipe.patch
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35279
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35398
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/55044
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022365
Patch, Vendor Advisory vendor-advisory x_refsource_freebsd
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc

Scores

EPSS 0.0007
EPSS Percentile 21.3%

Details

CWE
CWE-189
Status published
Products (5)
freebsd/freebsd 6.3 (2 CPE variants)
freebsd/freebsd 6.3_releng
freebsd/freebsd 6.4 (3 CPE variants)
freebsd/freebsd 7.1 (7 CPE variants)
freebsd/freebsd 7.2 (2 CPE variants)
Published Jun 18, 2009
Tracked Since Feb 18, 2026