SB2018020818 - Multiple vulnerabilities in OpenBSD

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can supply specially crafted IPsec AH packets with IP options or IPv6 extension and cause the kernel to crash or hang.

2) Improper input validation (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can supply specially crafted IPv6 fragments, incorrectly access memory of an mbuf chain that is not within an mbuf and cause the kernel to crash.

3) Double free (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to the EtherIP tunnel protocol was disabled. A remote attacker can trigger improper discarding of IPv6 packets and double free error to cause the kernel to crash. 

4) Spoofing attack (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform spoofing attack.

The weakness exists due to a flaw in the way unbound validated wildcard-synthesized NSEC records. A remote attacker can supply a specially crafted wildcard NSEC record and prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

Remediation

Install update from vendor's website.

References

• http://www.openbsd.org/errata61.html
• http://www.openbsd.org/errata62.html
• https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/034_ahopts.patch.sig
• https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/035_prevhdr.patch.sig
• https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/036_etherip.patch.sig
• https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/008_unbound.patch.sig