CVE-2014-8476 Information

Description

The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name which allows local users to obtain sensitive information from kernel memory via a call to getlogin which returns the entire buffer.

Reference

http://secunia.com/advisories/61118 http://secunia.com/advisories/62218 http://www.debian.org/security/2014/dsa-3070 https://www.freebsd.org/security/advisories/FreeBSD-SA-143A25.setlogin.asc