Description
Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Core Security · textdosfreebsd
https://www.exploit-db.com/exploits/35938
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534563/100/0/threaded
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jan/107
Exploit x_refsource_misc
http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities
Vendor Advisory vendor-advisory
x_refsource_freebsd
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72342
Exploit vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031648
Scores
EPSS
0.0036
EPSS Percentile
58.2%
Details
CWE
CWE-264
Status
published
Products (4)
freebsd/freebsd
8.4
freebsd/freebsd
9.3
freebsd/freebsd
10.0
freebsd/freebsd
10.1
Published
Feb 02, 2015
Tracked Since
Feb 18, 2026