SB2017011934 - Input validation error in NetBSD
Published: January 19, 2017 Updated: August 8, 2020
Security Bulletin ID
SB2017011934
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2015-8212)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
Remediation
Install update from vendor's website.