Multiple vulnerabilities in NetBSD



Published: 2018-05-10
Risk: Medium
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: N/A
CWE-ID: CWE-416, CWE-20, CWE-404, CWE-824, CWE-805, CWE-119
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: NetBSD
Operating systems & Components / Operating system

Vendor: NetBSD Foundation, Inc

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Use-after-free error

EUVDB-ID: #VU12424

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the AH entry point because a length check was missing. A remote attacker can send specially crafted IPsec Authentication Header (AH) data, trigger an input validation or use-after-free error and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU12425

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the common IPsec entry point due to an inverted logic error. A remote attacker can send specially crafted data and cause the service to crash when both IPsec and forwarding are enabled.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU12426

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a miscomputation in an IPsec function in charge of handling mbufs that results in the wrong length being stored in the mbuf header. A remote attacker can send specially crafted data and cause the service to crash when at least ESP is active.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper resource shutdown

EUVDB-ID: #VU12427

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the IPsec output path because a sanity check is not strong enough. A remote attacker can cause the service to crash when both IPsec and IPv6 forwarding are enabled.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free error

EUVDB-ID: #VU12428

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in the common Tunnel code due to a use-after-free error and a mistake in pointer initialization. A remote attacker can submit an IPv6 packet, bypass the "local address spoofing" check, trigger memory corruption and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Access of uninitialized pointer

EUVDB-ID: #VU12429

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in the common IPsec entry point due to a pointer initialization flaw. A remote attacker can use an IPv6 packet to bypass the "local address spoofing" check and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer access with incorrect length value

EUVDB-ID: #VU12430

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to a length validation flaw. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory corruption

EUVDB-ID: #VU12431

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to a memory leak and a use-after-free memory error. A remote attacker can trigger memory corruption and cause the service to crash when both IPv6 and forwarding are enabled.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


