SB2017021901 - Remote DoS and information disclosure in NetBSD

Security Bulletin ID SB2017021901

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Adjecent network

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: N/A)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to insufficient validation of hardware and protocol lengths when processing ARP headers. A remote unauthenticated attacker in one network segment with vulnerable system can send specially crafted ARP packet with the highest encodable lengths and cause the kernel to copy in the reply packet more data than is available. A remote attacker can obtain 249 bytes of kernel memory over an Ethernet link.

Successful exploitation may allow an attacker to obtain potentially sensitive information from kernel memory.

2) Memory leak (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to memory leak when processing ARP packets. A remote unauthenticated attacker in one network segment with vulnerable system can send specially crafted ARP requests to vulnerable system, trigger memory leak and consume all available memory resources on the system.

Successful exploitation of the vulnerability may allow an attacker to perform denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc