NetBSD Kernel Multiple Local Information Disclosure Vulnerabilities
BID:21328
Info
NetBSD Kernel Multiple Local Information Disclosure Vulnerabilities
| Bugtraq ID: | 21328 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 28 2006 12:00AM |
| Updated: | Dec 04 2006 05:54PM |
| Credit: | The vendor credits Ben Hawkes of Suresec and Christer Oberg of BitSec with the discovery of these vulnerabilities. |
| Vulnerable: |
NetBSD NetBSD 3.0.1 NetBSD NetBSD 2.1 NetBSD NetBSD 2.0.3 NetBSD NetBSD 2.0.2 NetBSD NetBSD 2.0.1 NetBSD NetBSD 2.0 NetBSD NetBSD Current NetBSD NetBSD 3,1_RC1 NetBSD NetBSD 2.1.1 NetBSD NetBSD 2.0.4 Navision Financials Server 3.0 |
| Not Vulnerable: |
NetBSD NetBSD 3.0.2 NetBSD NetBSD 3.1 |
Discussion
NetBSD Kernel Multiple Local Information Disclosure Vulnerabilities
The NetBSD kernel is prone to multiple local information-disclosure vulnerabilities because the kernel fails to properly initialize kernel memory before returning it to user-space programs.
Successfully exploiting these issues allows local attackers to gain access to potentially sensitive information contained in kernel memory, aiding them in further attacks.
These versions are vulnerable:
NetBSD kernel branch 2.x to branch 3.x prior to 3.0.2
NetBSD-current prior to 10/27/2006
The NetBSD kernel is prone to multiple local information-disclosure vulnerabilities because the kernel fails to properly initialize kernel memory before returning it to user-space programs.
Successfully exploiting these issues allows local attackers to gain access to potentially sensitive information contained in kernel memory, aiding them in further attacks.
These versions are vulnerable:
NetBSD kernel branch 2.x to branch 3.x prior to 3.0.2
NetBSD-current prior to 10/27/2006
Exploit / POC
NetBSD Kernel Multiple Local Information Disclosure Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
NetBSD Kernel Multiple Local Information Disclosure Vulnerabilities
Solution:
The vendor has released fixes to address these issues.
Please see the referenced advisories for further information.
Solution:
The vendor has released fixes to address these issues.
Please see the referenced advisories for further information.
References
NetBSD Kernel Multiple Local Information Disclosure Vulnerabilities
References:
References:
- NetBSD Homepage (NetBSD)
- NetBSD sys_ptrace information leak (Suresec)