Multiple vulnerabilities in OpenBSD

Published: 2018-02-08 14:25:44
Severity Low
Patch available YES
Number of vulnerabilities 4
CVE ID N/A
CVSSv3 7.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
7.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
7.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CWE ID CWE-20
CWE-415
Exploitation vector Network
Public exploit Not available
Vulnerable software OpenBSD
Vulnerable software versions OpenBSD 6.2
OpenBSD 6.1
Vendor URL OpenBSD

Security Advisory

1) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can supply specially crafted IPsec AH packets with IP options or IPv6 extension and cause the kernel to crash or hang.

Remediation

Install update from vendor's website.

External links

http://www.openbsd.org/errata61.html
http://www.openbsd.org/errata62.html
https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/034_ahopts.patch.sig

2) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can supply specially crafted IPv6 fragments, incorrectly access memory of an mbuf chain that is not within an mbuf and cause the kernel to crash.

Remediation

Install update from vendor's website.

External links

http://www.openbsd.org/errata61.html
http://www.openbsd.org/errata62.html
https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/035_prevhdr.patch.sig

3) Double free

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to the EtherIP tunnel protocol was disabled. A remote attacker can trigger improper discarding of IPv6 packets and double free error to cause the kernel to crash. 

Remediation

Install update from vendor's website.

External links

http://www.openbsd.org/errata61.html
http://www.openbsd.org/errata62.html
https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/036_etherip.patch.sig

4) Spoofing attack

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The weakness exists due to a flaw in the way unbound validated wildcard-synthesized NSEC records. A remote attacker can supply a specially crafted wildcard NSEC record and prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

Remediation

Install update from vendor's website.

External links

http://www.openbsd.org/errata62.html
https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/008_unbound.patch.sig

Back to List