CVE-2006-6013
NONE EPSS 31.8%
Published Nov 21, 200619y ago · Modified Jun 16, 20262w ago
Published Nov 21, 2006 19y ago
Last Modified Jun 16, 2026 2w ago
Description
Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.
Threat Intelligence
EPSS Exploit Probability
31.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Affected Products 5
| Vendor | Product | Version | Range |
|---|---|---|---|
| dragonflybsd | dragonflybsd | * | any |
| freebsd | freebsd | 5.5 | any |
| midnightbsd | midnightbsd | 0.1-current | any |
| netbsd | netbsd | 2.0.4 | any |
| trustedbsd | trustedbsd | * | any |
References 19
- archives.neohapsis.com http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0261.html
- cvsweb.netbsd.org http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c
- mail-index.netbsd.org http://mail-index.netbsd.org/tech-security/2006/11/16/0001.html
- mail-index.netbsd.org http://mail-index.netbsd.org/tech-security/2006/12/14/0002.html
- secunia.com http://secunia.com/advisories/22917
- security.freebsd.org http://security.freebsd.org/advisories/FreeBSD-SA-06:25.kmem.asc
- securitytracker.com http://securitytracker.com/id?1017344
- dragonflybsd.org http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c
- kernelhacking.com http://www.kernelhacking.com/bsdadv1.txt
- securityfocus.com http://www.securityfocus.com/archive/1/451629/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/451637/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/451677/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/451698/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/451861/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/452124/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/452264/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/452331/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/21089
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/30347
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.