PT-2014-8549 · FreeBSD · FreeBSD
Published: 2014-11-13 · Updated: 2014-11-14 · CVE-2014-8476
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FreeBSD versions 8.4 through 10.1-RC4
Description
The issue concerns the setlogin function, which fails to initialize a buffer used for storing the login name. This allows local users to access sensitive information from kernel memory by calling the getlogin function, which returns the entire buffer.
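The pattern in the description, as a user-space model added here (not FreeBSD source and not taken from the advisory). The function names, the 17-byte buffer size and the 'S' marker bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define BUFLEN 17   /* constructed size for this model */

struct session { char login[BUFLEN]; };   /* per-session login name storage */

/* Model of setlogin. `scratch` stands in for a temporary buffer that still
 * holds earlier data. With clear_first == 0 (the flawed pattern) the bytes
 * after the name's terminator are stored as they were. */
int model_setlogin(struct session *s, char *scratch, const char *name,
                   int clear_first) {
    size_t n = strlen(name);
    if (n >= BUFLEN) return -1;                    /* name does not fit */
    if (clear_first) memset(scratch, 0, BUFLEN);   /* the correction */
    memcpy(scratch, name, n + 1);                  /* name plus terminator only */
    memcpy(s->login, scratch, BUFLEN);             /* whole buffer is stored */
    return 0;
}

/* Model of getlogin: returns the entire buffer, not just the string. */
void model_getlogin(const struct session *s, char *out) {
    memcpy(out, s->login, BUFLEN);
}

/* Count non-zero bytes after the terminator (data the caller should not see). */
size_t stale_bytes(const char *buf) {
    size_t leaked = 0;
    for (size_t i = strlen(buf) + 1; i < BUFLEN; i++)
        if (buf[i] != 0) leaked++;
    return leaked;
}

/* Run one variant over a scratch buffer pre-filled with a constructed marker. */
size_t demo(int clear_first) {
    struct session s;
    char scratch[BUFLEN], out[BUFLEN];
    memset(scratch, 'S', BUFLEN);                  /* constructed "stale" data */
    if (model_setlogin(&s, scratch, "bob", clear_first) != 0) return (size_t)-1;
    model_getlogin(&s, out);
    return stale_bytes(out);
}

int main(void) { return (demo(0) == 13 && demo(1) == 0) ? 0 : 1; }
```

In the flawed variant every byte after the terminator of the 3-character name reaches the caller; clearing the buffer before the copy leaves nothing beyond the name to return.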
Recommendations
For FreeBSD versions 8.4 through 10.1-RC4, consider restricting access to the setlogin and getlogin functions until a proper fix is applied. As a temporary workaround, avoid using the getlogin function to minimize the risk of sensitive information disclosure.
Fix
Information Disclosure
Affected Products
FreeBSD