Coda Filesystem Memory Disclosure in NetBSD and FreeBSD
CVE-2010-3014

Currently unrated

Key Information:

Vendor: Netbsd
Status: Netbsd; FreeBSD
Vendor: CVE Published:; 20 August 2010

What is CVE-2010-3014?

The Coda filesystem kernel module in NetBSD and FreeBSD is susceptible to a vulnerability that permits local users to exploit a buffer over-read. When the Coda module is loaded, and Venus is running with the /coda mount, attackers can manipulate the out_size value in the ViceIoctl structure during a Coda ioctl call. This manipulation can lead to the disclosure of sensitive heap memory, posing a significant risk to system security. Users of the affected operating systems should apply the necessary patches and updates to mitigate this issue.

References

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.d...

x_refsource_CONFIRM

http://www.vsecurity.com/resources/advisory/20100816-1/

x_refsource_MISC

http://svn.freebsd.org/viewvc/base?view=revision&revision...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2010
Vulnerability Reserved
Aug 16, 2010

CVE-2010-3014 Data

JSON

Netbsd

What is CVE-2010-3014?

References

Timeline