SB2018051019 - Multiple vulnerabilities in NetBSD

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018051019

SB2018051019 - Multiple vulnerabilities in NetBSD

Published: May 10, 2018

Security Bulletin ID SB2018051019
Severity
Medium
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Use-after-free error (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the AH entry point due to a length check was missing. A remote attacker can send specially crafted IPsec Authentication Header (AH) data, trigger input validation or use-after-free error and cause the service to crash.

2) Improper input validation (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the common IPsec entry point due to an inverted logic error. A remote attacker can send specially crafted data and cause the service to crash when both IPsec and forwarding is enabled.

3) Improper input validation (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a miscomputation in an IPsec function in charge of handling mbufs that results in the wrong length being stored in the mbuf header. A remote attacker can send specially crafted data and cause the service to crash when at least ESP is active.

4) Improper resource shutdown (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the IPsec output path due to a sanity check isn't strong enough. A remote attacker can cause the service to crash when both IPsec and IPv6 forwarding are enabled.

5) Use-after-free error (CVE-ID: N/A)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the common Tunnel code due to a use-after-free error and a mistake in
pointer initialization. A remote attacker can submit an IPv6 packet, bypass the "local
address spoofing" check, trigger memory corruption and cause the service to crash.

6) Access of uninitialized pointer (CVE-ID: N/A)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the common IPsec entry point due to a pointer initialization flaw. A remote attacker can trigger IPv6 packet to bypass the "local address spoofing" check and cause the service to crash.

7) Buffer access with incorrect length value (CVE-ID: N/A)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists due to a length validation flaw. A remote attacker can cause the service to crash.

8) Memory corruption (CVE-ID: N/A)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists due to a memory leak and use-after-free memory error. A remote attacker can trigger memory corruption and cause the service to crash when both IPv6 and forwarding are enabled.

Remediation

Install update from vendor's website.

References