Local denial of service in NetBSD

Published: 2018-01-03 18:23:22
Severity Low
Patch available YES
Number of vulnerabilities 1
CVSSv2 3.6 (AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
CVSSv3 4.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE ID N/A
CWE ID CWE-20
Exploitation vector Local
Public exploit Not available
Vulnerable software NetBSD
Vulnerable software versions NetBSD 7.0.2
NetBSD 7.0.1
NetBSD 7.0
Show more
Vendor URL NetBSD Foundation, Inc
Advisory type Public

Security Advisory

1) Improper input validation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an input validation error in virecover script. A local unprivileged user can delete arbitrary file within the root / directory.

Remediation

Install update from vendor's website.

External links

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-002.txt.asc

Back to List