PT-2003-2234 · Netbsd+1 · Netbsd+1
Published: 2003-12-31 · Updated: 2017-07-20
CVE-2003-1289
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
NetBSD versions 1.5 through 1.5.3
FreeBSD versions 4 up to 4.8-RELEASE-p2
FreeBSD versions 5 up to 5.1-RELEASE-p1
Description
The issue allows local users to read portions of kernel memory via a large length parameter in the statfs system call translator. The large length parameter causes additional kernel memory to be copied into userland memory, resulting in memory disclosure.
Recommendations
For NetBSD versions 1.5 through 1.5.3, consider restricting access to the statfs system call until a patch is available.
For FreeBSD versions 4 up to 4.8-RELEASE-p2, restrict the use of the statfs system call translator to minimize the risk of exploitation.
For FreeBSD versions 5 up to 5.1-RELEASE-p1, avoid using large length parameters in the statfs system call translator until the issue is resolved.
Fix
Related identifiers
Affected products
Freebsd
Netbsd
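
The mechanism in the Description, as an added example that is not taken from the NetBSD or FreeBSD sources: a user-space C model in which a caller-supplied length alone sets the copy size, next to a version that clamps it to the record size. The `xlat_statfs` struct, the `kmem` array, the marker string and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the translated statfs record returned to the caller. */
struct xlat_statfs { long f_type, f_bsize, f_blocks, f_bfree; };

#define REC_SZ  sizeof(struct xlat_statfs)
#define MARKER  "ADJACENT-KERNEL-DATA"   /* constructed: memory the caller must not see */

/* Flat model of kernel memory: the record, then unrelated data right behind it. */
static unsigned char kmem[REC_SZ + 32];

static void kmem_init(void) {
    struct xlat_statfs s = { 1, 512, 1000, 250 };
    memset(kmem, 0, sizeof kmem);
    memcpy(kmem, &s, REC_SZ);
    memcpy(kmem + REC_SZ, MARKER, sizeof MARKER);
}

/* Vulnerable pattern: the caller-supplied len alone sets the copy size. */
static size_t xlat_unbounded(unsigned char *ubuf, size_t len) {
    if (len > sizeof kmem) len = sizeof kmem;   /* model limit only, not a fix */
    memcpy(ubuf, kmem, len);                    /* stands in for the copy to userland */
    return len;
}

/* Bounded pattern: never copy more than the record itself. */
static size_t xlat_bounded(unsigned char *ubuf, size_t len) {
    if (len > REC_SZ) len = REC_SZ;
    memcpy(ubuf, kmem, len);
    return len;
}

/* Returns 1 if the adjacent marker reached the user buffer, else 0. */
static int leaks_adjacent(int bounded, size_t len) {
    unsigned char ubuf[sizeof kmem] = { 0 };
    kmem_init();
    size_t n = bounded ? xlat_bounded(ubuf, len) : xlat_unbounded(ubuf, len);
    return n >= REC_SZ + sizeof MARKER &&
           memcmp(ubuf + REC_SZ, MARKER, sizeof MARKER) == 0;
}

int main(void) {
    size_t big = REC_SZ + 32;   /* the "large length parameter" from the caller */
    printf("unbounded, large len: leak=%d\n", leaks_adjacent(0, big));
    printf("bounded,   large len: leak=%d\n", leaks_adjacent(1, big));
    printf("unbounded, exact len: leak=%d\n", leaks_adjacent(0, REC_SZ));
    return 0;
}
```

When reviewing similar translation layers, the check to look for is that the copy size is derived from the kernel-side structure, not from the length the caller passed in.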