| Severity | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE ID | N/A |
| CVSSv3 |
4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] |
| CWE ID |
CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
NetBSD |
| Vulnerable software versions |
NetBSD 7.0.2 NetBSD 7.0.1 NetBSD 7.0 Show more |
| Vendor URL | NetBSD Foundation, Inc |
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an input validation error in virecover script. A local unprivileged user can delete arbitrary file within the root / directory.
Install update from vendor's website.
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-002.txt.asc