FreeBSD up to 5.4 on AMD64 Hardware Initiation sys_amd64 information disclosure
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
8.4 | $0-$5k | 0.00 |
A vulnerability classified as critical was found in FreeBSD up to 5.4 on AMD64 (Operating System). Affected by this vulnerability is the function sys_amd64
of the component Hardware Initiation Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.
The bug was discovered 04/06/2005. The weakness was presented 04/06/2005 by Jari Kirma (Website). The advisory is shared at ftp.freebsd.org. This vulnerability is known as CVE-2005-1036 since 04/10/2005. The attack needs to be done within the local network. The exploitation doesn't need any form of authentication. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1592 for this issue.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at ftp.FreeBSD.org.
The vulnerability is also documented in the vulnerability database at X-Force (19984). See 1332 for similar entry.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.8VulDB Meta Temp Score: 8.4
VulDB Base Score: 8.8
VulDB Temp Score: 8.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: ftp.FreeBSD.org
Timeline
04/06/2005 🔍04/06/2005 🔍
04/06/2005 🔍
04/06/2005 🔍
04/06/2005 🔍
04/06/2005 🔍
04/06/2005 🔍
04/10/2005 🔍
04/12/2005 🔍
05/02/2005 🔍
05/05/2005 🔍
07/02/2019 🔍
Sources
Product: freebsd.orgAdvisory: ftp.freebsd.org
Researcher: Jari Kirma
Status: Confirmed
CVE: CVE-2005-1036 (🔍)
X-Force: 19984 - FreeBSD AMD64 privilege escalation, High Risk
SecurityTracker: 1013650
Vulnerability Center: 7828 - FreeBSD 5.0 - 5.4 Allows Bypass of Access Restriction on Hardware, Medium
SecurityFocus: 13021 - FreeBSD Kernel AMD64 Unprivileged Hardware Access Vulnerability
Secunia: 14827 - FreeBSD amd64 Direct Hardware Access Security Issue, Less Critical
OSVDB: 15288 - FreeBSD amd64 Direct Hardware Access Privilege Escalation
See also: 🔍
Entry
Created: 04/12/2005 14:28Updated: 07/02/2019 09:34
Changes: 04/12/2005 14:28 (84), 07/02/2019 09:34 (1)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.