Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-6013

Disclosure Date: November 21, 2006
CVE-2006-6013
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2006-6013 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6013)
BID-21089 (http://www.securityfocus.com/bid/21089)
Advisory
20061116 Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure (http://www.securityfocus.com/archive/1/451861/100/0/threaded)
SECTRACK-1017344 (http://securitytracker.com/id?1017344)
20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure (http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0261.html)
20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure (http://www.securityfocus.com/archive/1/451637/100/0/threaded)
[tech-security] 20061116 Re: [Full-disclosure] NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure (http://mail-index.netbsd.org/tech-security/2006/11/16/0001.html)
XF-freebsd-fwdev-integer-overflow(30347) (https://exchange.xforce.ibmcloud.com/vulnerabilities/30347)
20061121 Clarifying integer overflows vs. signedness errors (http://www.securityfocus.com/archive/1/452264/100/0/threaded)
20061122 Re: Clarifying integer overflows vs. signedness errors (http://www.securityfocus.com/archive/1/452331/100/0/threaded)
20061120 RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure (http://www.securityfocus.com/archive/1/452124/100/0/threaded)
[tech-security] 20061214 NetBSD Security Note 20061214-1: Kernel memory leakage in firewire interface (http://mail-index.netbsd.org/tech-security/2006/12/14/0002.html)
SECUNIA-22917 (http://secunia.com/advisories/22917)
20061115 TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure (http://www.securityfocus.com/archive/1/451698/100/0/threaded)
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c
20061115 DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure (http://www.securityfocus.com/archive/1/451677/100/0/threaded)
20061115 FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure (http://www.securityfocus.com/archive/1/451629/100/0/threaded)
Miscellaneous
http://security.freebsd.org/advisories/FreeBSD-SA-06:25.kmem.asc
http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c
http://www.kernelhacking.com/bsdadv1.txt

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis