CVE-2010-3014 Information

Description

The Coda filesystem kernel module as used in NetBSD and FreeBSD when Coda is loaded and Venus is running with /coda mounted allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl which triggers a buffer over-read.

Reference

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN http://svn.freebsd.org/viewvc/base?view=revision&revision=210997 http://www.securityfocus.com/archive/1/513151/100/0/threaded http://www.vsecurity.com/resources/advisory/20100816-1/