Multiple vulnerabilities in NetBSD

Published: 2018-05-10

Risk	Medium
Patch available	YES
Number of vulnerabilities	8
CVE-ID	N/A
CWE-ID	CWE-416 CWE-20 CWE-404 CWE-824 CWE-805 CWE-119
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	NetBSD Operating systems & Components / Operating system
Vendor	NetBSD Foundation, Inc

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Use-after-free error

EUVDB-ID: #VU12424

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the AH entry point due to a length check was missing. A remote attacker can send specially crafted IPsec Authentication Header (AH) data, trigger input validation or use-after-free error and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

CPE2.3

cpe:2.3:o:netbsd_foundation:netbsd:7.1:*:*:*:*:*:*:*

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper input validation

EUVDB-ID: #VU12425

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the common IPsec entry point due to an inverted logic error. A remote attacker can send specially crafted data and cause the service to crash when both IPsec and forwarding is enabled.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

CPE2.3

cpe:2.3:o:netbsd_foundation:netbsd:7.1:*:*:*:*:*:*:*

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Improper input validation

EUVDB-ID: #VU12426

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a miscomputation in an IPsec function in charge of handling mbufs that results in the wrong length being stored in the mbuf header. A remote attacker can send specially crafted data and cause the service to crash when at least ESP is active.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

CPE2.3

cpe:2.3:o:netbsd_foundation:netbsd:7.1:*:*:*:*:*:*:*

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Improper resource shutdown

EUVDB-ID: #VU12427

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the IPsec output path due to a sanity check isn't strong enough. A remote attacker can cause the service to crash when both IPsec and IPv6 forwarding are enabled.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

CPE2.3

cpe:2.3:o:netbsd_foundation:netbsd:7.1:*:*:*:*:*:*:*

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Use-after-free error

EUVDB-ID: #VU12428

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the common Tunnel code due to a use-after-free error and a mistake in
pointer initialization. A remote attacker can submit an IPv6 packet, bypass the "local
address spoofing" check, trigger memory corruption and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

CPE2.3

cpe:2.3:o:netbsd_foundation:netbsd:7.1:*:*:*:*:*:*:*

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Access of uninitialized pointer

EUVDB-ID: #VU12429

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the common IPsec entry point due to a pointer initialization flaw. A remote attacker can trigger IPv6 packet to bypass the "local address spoofing" check and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

CPE2.3

cpe:2.3:o:netbsd_foundation:netbsd:7.1:*:*:*:*:*:*:*

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Buffer access with incorrect length value

EUVDB-ID: #VU12430

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists due to a length validation flaw. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

CPE2.3

cpe:2.3:o:netbsd_foundation:netbsd:7.1:*:*:*:*:*:*:*

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Memory corruption

EUVDB-ID: #VU12431

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists due to a memory leak and use-after-free memory error. A remote attacker can trigger memory corruption and cause the service to crash when both IPv6 and forwarding are enabled.

Mitigation

Install update from vendor's website.

Vulnerable software versions

NetBSD: 6.0 - 7.1.2

CPE2.3

cpe:2.3:o:netbsd_foundation:netbsd:7.1:*:*:*:*:*:*:*

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?