CVE-2009-1935 - OpenCVE

Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:6.3:::::::*
	cpe:2.3:o:freebsd:freebsd:6.3:release_p10::::::
	cpe:2.3:o:freebsd:freebsd:6.3_releng:::::::*
	cpe:2.3:o:freebsd:freebsd:6.4:::::::*
	cpe:2.3:o:freebsd:freebsd:6.4:release_p4::::::
	cpe:2.3:o:freebsd:freebsd:6.4:stable::::::
	cpe:2.3:o:freebsd:freebsd:7.1:::::::*
	cpe:2.3:o:freebsd:freebsd:7.1:pre-release::::::
	cpe:2.3:o:freebsd:freebsd:7.1:rc1::::::
	cpe:2.3:o:freebsd:freebsd:7.1:release-p1::::::
	cpe:2.3:o:freebsd:freebsd:7.1:release-p2::::::
	cpe:2.3:o:freebsd:freebsd:7.1:release-p5::::::
	cpe:2.3:o:freebsd:freebsd:7.1:stable::::::
	cpe:2.3:o:freebsd:freebsd:7.2:::::::*
	cpe:2.3:o:freebsd:freebsd:7.2:pre-release::::::

No data.

References

Link	Providers
http://osvdb.org/55044
http://secunia.com/advisories/35398
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
http://security.freebsd.org/patches/SA-09:09/pipe.patch
http://www.securityfocus.com/bid/35279
http://www.securitytracker.com/id?1022365
https://exchange.xforce.ibmcloud.com/vulnerabilities/51109

History

No history.

MITRE

Status: PUBLISHED

Assigner: freebsd

Published: 2009-06-18T18:00:00

Updated: 2024-08-07T05:27:54.929Z

Reserved: 2009-06-05T00:00:00

Link: CVE-2009-1935

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-06-18T18:30:00.407

Modified: 2017-08-17T01:30:34.740

Link: CVE-2009-1935

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"name": "freebsd-directpipe-info-disclosure(51109)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51109"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://security.freebsd.org/patches/SA-09:09/pipe.patch"}, {"name": "35279", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35279"}, {"name": "35398", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35398"}, {"name": "55044", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/55044"}, {"name": "1022365", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022365"}, {"name": "FreeBSD-SA-09:09", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2009-1935", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "freebsd-directpipe-info-disclosure(51109)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51109"}, {"name": "http://security.freebsd.org/patches/SA-09:09/pipe.patch", "refsource": "CONFIRM", "url": "http://security.freebsd.org/patches/SA-09:09/pipe.patch"}, {"name": "35279", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35279"}, {"name": "35398", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35398"}, {"name": "55044", "refsource": "OSVDB", "url": "http://osvdb.org/55044"}, {"name": "1022365", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022365"}, {"name": "FreeBSD-SA-09:09", "refsource": "FREEBSD", "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:27:54.929Z"}, "title": "CVE Program Container", "references": [{"name": "freebsd-directpipe-info-disclosure(51109)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51109"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://security.freebsd.org/patches/SA-09:09/pipe.patch"}, {"name": "35279", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35279"}, {"name": "35398", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35398"}, {"name": "55044", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/55044"}, {"name": "1022365", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022365"}, {"name": "FreeBSD-SA-09:09", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"}]}]}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2009-1935", "datePublished": "2009-06-18T18:00:00", "dateReserved": "2009-06-05T00:00:00", "dateUpdated": "2024-08-07T05:27:54.929Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F702C46F-CA02-4FA2-B7D6-C61C2C095679", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.3:release_p10:*:*:*:*:*:*", "matchCriteriaId": "9A1D9D46-75E4-4742-9CF3-2B063B6B7504", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.3_releng:*:*:*:*:*:*:*", "matchCriteriaId": "72C2BE9D-91E1-48E9-9326-39CF583A57E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "A4F7F02A-C845-40BF-8490-510A070000F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.4:release_p4:*:*:*:*:*:*", "matchCriteriaId": "8E08DCB9-9064-4DB7-B43A-7B415882EB50", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.4:stable:*:*:*:*:*:*", "matchCriteriaId": "06FB0EEA-254E-4A1F-99E7-058FCD518E22", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "803EFA9F-B7CB-4511-B1C1-381170CA9A23", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:pre-release:*:*:*:*:*:*", "matchCriteriaId": "14D72C9B-EEB0-4605-BEA2-F77092129245", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "52DBF406-9C77-4DDA-AB7D-40FAE40023D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:release-p1:*:*:*:*:*:*", "matchCriteriaId": "20A31C9A-A928-4C9B-BB49-0E53227746DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:release-p2:*:*:*:*:*:*", "matchCriteriaId": "99FB7443-F942-402A-9104-64677EAF014E", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:release-p5:*:*:*:*:*:*", "matchCriteriaId": "C2A31704-E99F-4DBE-ABA4-EC3E566DE6CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:stable:*:*:*:*:*:*", "matchCriteriaId": "E9A75104-5A3E-485E-B4EC-0873C942731C", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "F948527C-A01E-4315-80B6-47FACE18A34F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.2:pre-release:*:*:*:*:*:*", "matchCriteriaId": "8B573401-DC6F-4AFE-92F5-D96F785D2107", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n pipe_build_write_buffer (sys/kern/sys_pipe.c) en la caracter\u00edstica de escritura directa en la implementaci\u00f3n del filtro en FreeBSD v7.1 hasta v7.2 y v6.3 hasta v6.4, permite a usuarios locales saltarse las b\u00fasquedas de direcciones virtual-to-physical, y leer informaci\u00f3n sensible en paginas de memoria a trav\u00e9s de vectores no espec\u00edficos."}], "id": "CVE-2009-1935", "lastModified": "2017-08-17T01:30:34.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-06-18T18:30:00.407", "references": [{"source": "secteam@freebsd.org", "url": "http://osvdb.org/55044"}, {"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35398"}, {"source": "secteam@freebsd.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"}, {"source": "secteam@freebsd.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://security.freebsd.org/patches/SA-09:09/pipe.patch"}, {"source": "secteam@freebsd.org", "url": "http://www.securityfocus.com/bid/35279"}, {"source": "secteam@freebsd.org", "url": "http://www.securitytracker.com/id?1022365"}, {"source": "secteam@freebsd.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51109"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}