CVE-2006-6013

2006-11-2123:07:00

[email protected]

web.nvd.nist.gov

cve-2006-6013

integer signedness error

firewire drivers

bsd kernels

security vulnerability

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

JSON

Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.

Affected configurations

NVD

Node

dragonflybsddragonflybsd

freebsdfreebsdMatch5.5

midnightbsdmidnightbsdMatch0.1-current

netbsdnetbsdMatch2.0.4

trustedbsdtrustedbsd

CPENameOperatorVersion
dragonflybsd:dragonflybsddragonflybsdeq*
freebsd:freebsdfreebsdeq5.5
midnightbsd:midnightbsdmidnightbsdeq0.1-current
netbsd:netbsdnetbsdeq2.0.4
trustedbsd:trustedbsdtrustedbsdeq*

CPE	Name	Operator	Version
dragonflybsd:dragonflybsd	dragonflybsd	eq	*
freebsd:freebsd	freebsd	eq	5.5
midnightbsd:midnightbsd	midnightbsd	eq	0.1-current
netbsd:netbsd	netbsd	eq	2.0.4
trustedbsd:trustedbsd	trustedbsd	eq	*