BID:21327

NetBSD Multiple Local Denial of Service Vulnerabilities

Info

NetBSD Multiple Local Denial of Service Vulnerabilities

Bugtraq ID:	21327
Class:	Input Validation Error
CVE:
Remote:	No
Local:	Yes
Published:	Nov 28 2006 12:00AM
Updated:	Nov 30 2006 08:24PM
Credit:	Sean Boudreau, Ryo Shimizu and Nicolas Joly are credited with discovering these issues.
Vulnerable:	NetBSD NetBSD 3.0.1 NetBSD NetBSD 2.1 NetBSD NetBSD 2.0.3 NetBSD NetBSD 2.0.2 NetBSD NetBSD 2.0.1 NetBSD NetBSD 2.0 NetBSD NetBSD 2.0.4 Navision Financials Server 3.0

Not Vulnerable:	NetBSD NetBSD 3.0.2 NetBSD NetBSD 3.1

Discussion

NetBSD Multiple Local Denial of Service Vulnerabilities

NetBSD is prone to multiple local denial-of-service vulnerabilities because it fails to properly validate user-supplied input.

An attacker may leverage these issues to cause the affected computer to crash, denying service to legitimate users.

Exploit / POC

NetBSD Multiple Local Denial of Service Vulnerabilities

An attacker may exploit these issues by gaining local interactive access to a vulnerable computer running the affected operating system.

Solution / Fix

NetBSD Multiple Local Denial of Service Vulnerabilities

Solution:
The vendor released an advisory and kernel updates available through CVS. Please see the references for more information.

References

NetBSD Multiple Local Denial of Service Vulnerabilities

References:

NetBSD Homepage (NetBSD)