CVE-2002-1125 Information

Description

FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier including (1) asmon (2) ascpu (3) bubblemon (4) wmmon and (5) wmnet2 leave open file descriptors for /dev/mem and /dev/kmem which allows local users to read kernel memory.

Reference

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html http://marc.info/?l=bugtraq&m=103228135413310&w=2 http://www.iss.net/security_center/static/10109.php http://www.securityfocus.com/bid/5714 http://www.securityfocus.com/bid/5716 http://www.securityfocus.com/bid/5718 http://www.securityfocus.com/bid/5719 http://www.securityfocus.com/bid/5720