Remote code execution in NetBSD – nasty and potentially wormable bug

Remote code execution in NetBSD – nasty and potentially wormable bug

Today we have issued a very rare security advisory on two remotely exploitable vulnerabilities in NetBSD - SB2018021210.

One of the most secure operating systems in world has issued today two security patches against remotely exploitable vulnerabilities. Both vulnerabilities reside in code, relevant to IPv6 implementation.

All supported versions of NetBSD are vulnerable to both vulnerabilities. Users, who are still using NetBSD 5.x should immediately disable support for IPv6 protocol and consider upgrading to supported versions of this operating system.

These vulnerabilities are pretty nasty as the IPv6 support is enabled by default in NetBSD and therefore all kernels, compiled on GENERIC kernel config, are vulnerable.

Let’s have a short look at patched vulnerabilities:

1)      Denial of service vulnerability in IPSec implementation

According to vendor’s advisory, the vulnerability allows a remote attacker to cause buffer overflow by overwriting available memory with zeros. An attacker can send specially crafted IPSec IPv6-AH packet with a suboption of length zero and trigger a buffer overflow that would fill with zeros an area that extends beyond the buffer containing the packet.

2)      Remote memory corruption in IPv6 implementation

This vulnerability is particularly interesting. A remote attacker can send a series of specially crafted IPv6 packets to vulnerable system, trigger memory corruption and cause denial of service and potentially execute arbitrary code on the vulnerable system. The problem for this vulnerability resides within “src/sys/netinet6/frag6.c” code, responsible for parsing IPv6 options.

All NetBSD users should immediately install patches from vendor’s repository.

Back to the list

Latest Posts

Cyber Security Week in Review: July 4, 2025

Cyber Security Week in Review: July 4, 2025

In brief: Google patches Chrome 0Day, the US is on the hunt for North Korean IT workers, and more.
4 July 2025
AI chatbots fall for phishing scams

AI chatbots fall for phishing scams

The models provided the correct URL only 66% of the time; nearly 30% of responses pointed users to dead or suspended domains.
3 July 2025
Chinese hackers exploited Ivanti flaws in attacks against French government

Chinese hackers exploited Ivanti flaws in attacks against French government

ANSSI believes that the Houken campaign is operated by ‘UNC5174’, an entity believed to act as an initial access broker for China’s Ministry of State Security.
2 July 2025