4.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-09:09.pipe.asc
# SPDX-FileCopyrightText: 2009 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.64206");
script_version("2023-07-26T05:05:09+0000");
script_cve_id("CVE-2009-1935");
script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
script_tag(name:"creation_date", value:"2009-06-15 19:20:43 +0200 (Mon, 15 Jun 2009)");
script_tag(name:"cvss_base", value:"4.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:N/A:N");
script_name("FreeBSD Security Advisory (FreeBSD-SA-09:09.pipe.asc)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 E-Soft Inc.");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdpatchlevel");
script_tag(name:"insight", value:"One of the most commonly used forms of interprocess communication on
FreeBSD and other UNIX-like systems is the (anonymous) pipe. In this
mechanism, a pair of file descriptors is created, and data written to
one descriptor can be read from the other.
FreeBSD's pipe implementation contains an optimization known as direct
writes. In this optimization, rather than copying data into kernel
memory when the write(2) system call is invoked and then copying the
data again when the read(2) system call is invoked, the FreeBSD kernel
takes advantage of virtual memory mapping to allow the data to be copied
directly between processes.
An integer overflow in computing the set of pages containing data to be
copied can result in virtual-to-physical address lookups not being
performed.");
script_tag(name:"solution", value:"Upgrade your system to the appropriate stable release
or security branch dated after the correction date.");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:09.pipe.asc");
script_tag(name:"summary", value:"The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-09:09.pipe.asc");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-bsd.inc");
vuln = FALSE;
if(patchlevelcmp(rel:"7.2", patchlevel:"1")<0) {
vuln = TRUE;
}
if(patchlevelcmp(rel:"7.1", patchlevel:"6")<0) {
vuln = TRUE;
}
if(patchlevelcmp(rel:"6.4", patchlevel:"5")<0) {
vuln = TRUE;
}
if(patchlevelcmp(rel:"6.3", patchlevel:"11")<0) {
vuln = TRUE;
}
if(vuln) {
security_message(port:0);
} else if (__pkg_match) {
exit(99);
}