Local denial of service in NetBSD

Published: 2018-01-03 18:23:22
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: N/A
CVSSv3: 4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-20
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: NetBSD
Vulnerable software versions: NetBSD 7.0.2, NetBSD 7.0.1, NetBSD 7.0

Vendor URL: NetBSD Foundation, Inc

Security Advisory

1) Improper input validation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an input validation error in the virecover script. A local unprivileged user can delete arbitrary files within the root (/) directory.

Remediation

Install the update from the vendor's website.

External links

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-002.txt.asc
