12 February 2018

Remote code execution in NetBSD – nasty and potentially wormable bug

Remote code execution in NetBSD – nasty and potentially wormable bug

Today we have issued a very rare security advisory on two remotely exploitable vulnerabilities in NetBSD - SB2018021210.

One of the most secure operating systems in world has issued today two security patches against remotely exploitable vulnerabilities. Both vulnerabilities reside in code, relevant to IPv6 implementation.

All supported versions of NetBSD are vulnerable to both vulnerabilities. Users, who are still using NetBSD 5.x should immediately disable support for IPv6 protocol and consider upgrading to supported versions of this operating system.

These vulnerabilities are pretty nasty as the IPv6 support is enabled by default in NetBSD and therefore all kernels, compiled on GENERIC kernel config, are vulnerable.

Let’s have a short look at patched vulnerabilities:

1)      Denial of service vulnerability in IPSec implementation

According to vendor’s advisory, the vulnerability allows a remote attacker to cause buffer overflow by overwriting available memory with zeros. An attacker can send specially crafted IPSec IPv6-AH packet with a suboption of length zero and trigger a buffer overflow that would fill with zeros an area that extends beyond the buffer containing the packet.

2)      Remote memory corruption in IPv6 implementation

This vulnerability is particularly interesting. A remote attacker can send a series of specially crafted IPv6 packets to vulnerable system, trigger memory corruption and cause denial of service and potentially execute arbitrary code on the vulnerable system. The problem for this vulnerability resides within “src/sys/netinet6/frag6.c” code, responsible for parsing IPv6 options.

All NetBSD users should immediately install patches from vendor’s repository.

Back to the list

Latest Posts

Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Today Microsoft has released security fixes for 60 vulnerabilities in total. Among them 2 zero-days in Windows Shell and Internet Explorer.
15 August 2018
Microsoft patches for June 2018

Microsoft patches for June 2018

50 vulnerabilities patched, some of them are potentially wormable.
13 June 2018
VPNFilter, attacks on routers and why external scanning is essential for security

VPNFilter, attacks on routers and why external scanning is essential for security

How to protect your router from VPNFilter and other attacks.
8 June 2018
Featured vulnerabilities
Backdoor in Vesta Control Panel
Сritical Patched | 19 Oct, 2018
Multiple vulnerabilities in FreeRTOS
High Patched | 19 Oct, 2018
Privilege escalation in Linux Kernel
Low Patched | 19 Oct, 2018
Multiple vulnerabilities in Vecna VGo Celia
Low Not Patched | 19 Oct, 2018