Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | N/A |
CWE-ID | CWE-264 CWE-416 CWE-401 CWE-415 CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | NetBSD (Operating systems & Components / Operating system) |
Vendor | NetBSD Foundation, Inc |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU11625
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a mistake in the Xen-amd64 port of NetBSD, where iopl was unintentionally set to ring3. A local attacker can gain elevated privileges and read from and write to the CPU's I/O ports.
Install update from vendor's website.
Vulnerable software versions
NetBSD: 6.0 - 7.1.1
External links
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-005.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11634
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to several possible use-after-free conditions in the MPLS code. A remote attacker can trigger memory corruption and cause the system to panic.
Install update from vendor's website.
Vulnerable software versions
NetBSD: 6.0 - 7.1.1
External links
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-006.txt.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11635
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a memory leak in the IPv6-NBR entry point. A remote attacker can trigger memory corruption and cause the kernel to run out of memory.
Install update from vendor's website.
Vulnerable software versions
NetBSD: 6.0 - 7.1.1
External links
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-006.txt.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11636
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a double-free bug in the Pim6 (IPv6 multicast) entry point. A remote attacker can trigger memory corruption and cause the kernel to panic.
Install update from vendor's website.
Vulnerable software versions
NetBSD: 6.0 - 7.1.1
External links
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-006.txt.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11638
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists because two sysctls wrongfully allowed IPv4 source-routed packets to be accepted by the kernel. A remote attacker can send specially crafted source-routed packets and cause the kernel to panic.
Install update from vendor's website.
Vulnerable software versions
NetBSD: 6.0 - 7.1.1
External links
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-006.txt.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11639
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a signedness bug in NetBSD's implementation of the PF firewall. A remote attacker can send a specially crafted TCP-SYN packet while PF has a configuration of the type "pass in [...] tcp [...] modulate state", trigger an out-of-bounds read and cause the system to crash.
Install update from vendor's website.
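To see whether a host awaiting the update carries the rule type named in the description, the following added example (not part of the advisory or of NetBSD) lists pf.conf rules matching "pass in [...] tcp [...] modulate state". The function names `find_modulate_state` and `sample_pf_conf` and the sample ruleset are constructed for illustration; macros are not expanded and only rules that spell out `in` are reported.

```shell
#!/bin/sh
# Added example: list pf.conf rules of the form
#   pass in [...] tcp [...] modulate state
# Simplifications (assumptions): macros are not expanded, '#' always starts a
# comment, and only rules that spell out "in" are reported.

find_modulate_state() {
    # Reads the file given as $1, or stdin when no argument is passed.
    awk '
    {
        sub(/#.*/, "")                                  # strip comments
        if (sub(/\\[ \t]*$/, "")) { buf = buf $0 " "; next }  # join continuation lines
        rule = buf $0; buf = ""
        gsub(/[ \t]+/, " ", rule); sub(/^ /, "", rule); sub(/ $/, "", rule)
        norm = rule; gsub(/[{},]/, " ", norm)           # "{ tcp, udp }" -> separate tokens
        n = split(norm, tok, / +/)
        if (tok[1] != "pass") next
        stage = 1                                       # keywords must appear in this order
        for (i = 2; i <= n; i++) {
            if (stage == 1 && tok[i] == "in") stage = 2
            else if (stage == 2 && tok[i] == "tcp") stage = 3
            else if (stage == 3 && tok[i] == "modulate" && tok[i + 1] == "state") stage = 4
        }
        if (stage == 4) print NR ": " rule              # NR = last physical line of the rule
    }' "${1:--}"
}

# Constructed sample ruleset (not taken from any real host).
sample_pf_conf() {
    cat <<'EOF'
ext_if = "wm0"
# pass in proto tcp all modulate state
pass in on $ext_if proto tcp from any to any port 22 modulate state
pass in on $ext_if proto { tcp, udp } from any to any port 53 \
    modulate state
pass in on $ext_if proto tcp from any to any port 80 keep state
pass out on $ext_if proto tcp all modulate state
block in all
EOF
}

sample_pf_conf | find_modulate_state
```

Pass the path of the ruleset to audit as the first argument to `find_modulate_state`; each reported line is a rule to review until the vendor update is installed.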
Vulnerable software versions
NetBSD: 6.0 - 7.1.1
External links
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-006.txt.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.