12 February 2018

Remote code execution in NetBSD – nasty and potentially wormable bug

Remote code execution in NetBSD – nasty and potentially wormable bug

Today we have issued a very rare security advisory on two remotely exploitable vulnerabilities in NetBSD - SB2018021210.

One of the most secure operating systems in world has issued today two security patches against remotely exploitable vulnerabilities. Both vulnerabilities reside in code, relevant to IPv6 implementation.

All supported versions of NetBSD are vulnerable to both vulnerabilities. Users, who are still using NetBSD 5.x should immediately disable support for IPv6 protocol and consider upgrading to supported versions of this operating system.

These vulnerabilities are pretty nasty as the IPv6 support is enabled by default in NetBSD and therefore all kernels, compiled on GENERIC kernel config, are vulnerable.

Let’s have a short look at patched vulnerabilities:

1)      Denial of service vulnerability in IPSec implementation

According to vendor’s advisory, the vulnerability allows a remote attacker to cause buffer overflow by overwriting available memory with zeros. An attacker can send specially crafted IPSec IPv6-AH packet with a suboption of length zero and trigger a buffer overflow that would fill with zeros an area that extends beyond the buffer containing the packet.

2)      Remote memory corruption in IPv6 implementation

This vulnerability is particularly interesting. A remote attacker can send a series of specially crafted IPv6 packets to vulnerable system, trigger memory corruption and cause denial of service and potentially execute arbitrary code on the vulnerable system. The problem for this vulnerability resides within “src/sys/netinet6/frag6.c” code, responsible for parsing IPv6 options.

All NetBSD users should immediately install patches from vendor’s repository.

Back to the list

Latest Posts

Remote code execution in NetBSD – nasty and potentially wormable bug

Remote code execution in NetBSD – nasty and potentially wormable bug

NetBSD users are advised to install patched ASAP.
12 February 2018
Zero-day vulnerability in Adobe Flash Player

Zero-day vulnerability in Adobe Flash Player

Second zero-day this year. No remedy available.
1 February 2018
Jackpotting: Weird Attack On ATM

Jackpotting: Weird Attack On ATM

Jackpotting requires not only technical skills and great coordination but also acting skills, audacity and composure.
30 January 2018