NetBSD SIOCGIFALIAS IOCTL Local Denial of Service Vulnerability

Bugtraq ID:	17497
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	No
Local:	Yes
Published:	Apr 13 2006 12:00AM
Updated:	Apr 13 2006 07:32PM
Credit:	Sean Boudreau discovered this issue.
Vulnerable:	NetBSD NetBSD 2.1 NetBSD NetBSD 2.0.3 NetBSD NetBSD 2.0.2 NetBSD NetBSD 2.0.1 NetBSD NetBSD 2.0 NetBSD NetBSD 1.6.2 NetBSD NetBSD 1.6.1 NetBSD NetBSD 1.6 beta NetBSD NetBSD 1.6 Navision Financials Server 3.0
Not Vulnerable:

NetBSD SIOCGIFALIAS IOCTL Local Denial of Service Vulnerability

NetBSD is prone to a local denial-of-service vulnerability.

Specifically, the issue presents itself due to an exceptional condition arising when the SIOCGIFALIAS IOCTL is used to get information about an alias of an interface.

A successful attack may trigger a crash in the kernel.

NetBSD SIOCGIFALIAS IOCTL Local Denial of Service Vulnerability


A proof of concept has been developed for this issue, but is not publicly available.

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

NetBSD SIOCGIFALIAS IOCTL Local Denial of Service Vulnerability

Solution:

NetBSD has released an advisory and fixes to address this issue.

NetBSD SIOCGIFALIAS IOCTL Local Denial of Service Vulnerability

References:

• NetBSD Homepage (NetBSD)