Multiple vulnerabilities in NetBSD



Published: 2018-05-10
Risk Medium
Patch available YES
Number of vulnerabilities 8
CVE-ID N/A
CWE-ID CWE-416
CWE-20
CWE-404
CWE-824
CWE-805
CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
NetBSD
Operating systems & Components / Operating system

Vendor NetBSD Foundation, Inc

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Use-after-free error

EUVDB-ID: #VU12424

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the AH entry point due to a length check was missing. A remote attacker can send specially crafted IPsec Authentication Header (AH) data, trigger input validation or use-after-free error and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2


CPE2.3 External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper input validation

EUVDB-ID: #VU12425

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the common IPsec entry point due to an inverted logic error. A remote attacker can send specially crafted data and cause the service to crash when both IPsec and forwarding is enabled.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2


CPE2.3 External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Improper input validation

EUVDB-ID: #VU12426

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a miscomputation in an IPsec function in charge of handling mbufs that results in the wrong length being stored in the mbuf header. A remote attacker can send specially crafted data and cause the service to crash when at least ESP is active.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2


CPE2.3 External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Improper resource shutdown

EUVDB-ID: #VU12427

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the IPsec output path due to a sanity check isn't strong enough. A remote attacker can cause the service to crash when both IPsec and IPv6 forwarding are enabled.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2


CPE2.3 External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Use-after-free error

EUVDB-ID: #VU12428

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the common Tunnel code due to a use-after-free error and a mistake in
pointer initialization. A remote attacker can submit an IPv6 packet, bypass the "local
address spoofing" check, trigger memory corruption and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2


CPE2.3 External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Access of uninitialized pointer

EUVDB-ID: #VU12429

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the common IPsec entry point due to a pointer initialization flaw. A remote attacker can trigger IPv6 packet to bypass the "local address spoofing" check and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2


CPE2.3 External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Buffer access with incorrect length value

EUVDB-ID: #VU12430

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists due to a length validation flaw. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2


CPE2.3 External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Memory corruption

EUVDB-ID: #VU12431

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists due to a memory leak and use-after-free memory error. A remote attacker can trigger memory corruption and cause the service to crash when both IPv6 and forwarding are enabled.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2


CPE2.3 External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###