NetBSD Sysctl Local Denial of Service Vulnerability
BID:17498
Info
NetBSD Sysctl Local Denial of Service Vulnerability
| Bugtraq ID: | 17498 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 13 2006 12:00AM |
| Updated: | Apr 13 2006 07:42PM |
| Credit: | Matthias Drochner discovered this issue. |
| Vulnerable: |
NetBSD NetBSD 2.1 NetBSD NetBSD 2.0.3 NetBSD NetBSD 2.0.2 NetBSD NetBSD 2.0.1 NetBSD NetBSD 2.0 NetBSD NetBSD 1.6.2 NetBSD NetBSD 1.6.1 NetBSD NetBSD 1.6 beta NetBSD NetBSD 1.6 Navision Financials Server 3.0 |
| Not Vulnerable: | |
Discussion
NetBSD Sysctl Local Denial of Service Vulnerability
NetBSD is prone to a local denial-of-service vulnerability.
An attacker can allocate all available physical memory because the size of a user-supplied buffer isn't checked against system resource limits. This may exhaust all physical memory on a system.
A successful attack may trigger a crash in the kernel.
NetBSD is prone to a local denial-of-service vulnerability.
An attacker can allocate all available physical memory because the size of a user-supplied buffer isn't checked against system resource limits. This may exhaust all physical memory on a system.
A successful attack may trigger a crash in the kernel.
Exploit / POC
NetBSD Sysctl Local Denial of Service Vulnerability
A proof of concept has been developed, but is not publicly available.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
A proof of concept has been developed, but is not publicly available.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
NetBSD Sysctl Local Denial of Service Vulnerability
Solution:
NetBSD has released an advisory and fixes to address this issue.
Solution:
NetBSD has released an advisory and fixes to address this issue.