12 February 2018

Remote code execution in NetBSD – nasty and potentially wormable bug

Remote code execution in NetBSD – nasty and potentially wormable bug

Today we have issued a very rare security advisory on two remotely exploitable vulnerabilities in NetBSD - SB2018021210.

One of the most secure operating systems in world has issued today two security patches against remotely exploitable vulnerabilities. Both vulnerabilities reside in code, relevant to IPv6 implementation.

All supported versions of NetBSD are vulnerable to both vulnerabilities. Users, who are still using NetBSD 5.x should immediately disable support for IPv6 protocol and consider upgrading to supported versions of this operating system.

These vulnerabilities are pretty nasty as the IPv6 support is enabled by default in NetBSD and therefore all kernels, compiled on GENERIC kernel config, are vulnerable.

Let’s have a short look at patched vulnerabilities:

1)      Denial of service vulnerability in IPSec implementation

According to vendor’s advisory, the vulnerability allows a remote attacker to cause buffer overflow by overwriting available memory with zeros. An attacker can send specially crafted IPSec IPv6-AH packet with a suboption of length zero and trigger a buffer overflow that would fill with zeros an area that extends beyond the buffer containing the packet.

2)      Remote memory corruption in IPv6 implementation

This vulnerability is particularly interesting. A remote attacker can send a series of specially crafted IPv6 packets to vulnerable system, trigger memory corruption and cause denial of service and potentially execute arbitrary code on the vulnerable system. The problem for this vulnerability resides within “src/sys/netinet6/frag6.c” code, responsible for parsing IPv6 options.

All NetBSD users should immediately install patches from vendor’s repository.

Back to the list

Latest Posts

Microsoft patches for June 2018

Microsoft patches for June 2018

50 vulnerabilities patched, some of them are potentially wormable.
13 June 2018
VPNFilter, attacks on routers and why external scanning is essential for security

VPNFilter, attacks on routers and why external scanning is essential for security

How to protect your router from VPNFilter and other attacks.
8 June 2018
New zero-day in Adobe Flash Player heavily exploited in the Middle East

New zero-day in Adobe Flash Player heavily exploited in the Middle East

Users in Doha and Qatar suffered from a targeted attack.
7 June 2018