Information disclosure in NetBSD
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 16 |
| CVE-ID | N/A |
| CWE-ID | CWE-401 CWE-200 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
NetBSD Operating systems & Components / Operating system |
| Vendor | NetBSD Foundation, Inc |
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU17404
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to four bytes of kernel stack were leaked in the ntp_gettime system call. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU17405
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to eight bytes of kernel stack were leaked when executing execve. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU17406
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to many bytes of kernel stack were leaked when processing signals on several architectures. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory leak
EUVDB-ID: #VU17407
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to four bytes of kernel stack were leaked in several system calls related to time. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU17408
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an inverted logic in netbsd32 caused some kernel memory bytes to wrongfully be copied to userland. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU17409
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a missing sanity check in a sysctl caused a severe kernel memory disclosure. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU17410
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to four bytes of kernel stack were leaked in the kevent system call. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU17411
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to eight bytes of kernel stack were leaked in the gettimer system call. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU17412
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to two bytes of kernel heap were leaked in the net.rtable sysctl. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory leak
EUVDB-ID: #VU17413
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to many bytes of kernel stack were leaked in the swapctl system call. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU17414
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to sixteen bytes of kernel heap were leaked in the settime system call. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory leak
EUVDB-ID: #VU17415
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to four bytes of kernel heap were leaked in the sigaction_sigtramp system call. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU17416
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to many bytes of kernel stack were leaked in the ptrace system call. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Memory leak
EUVDB-ID: #VU17417
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to four bytes of kernel stack were leaked in the wait6 system call. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Memory leak
EUVDB-ID: #VU17418
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to four bytes of kernel stack were leaked in the sigtimedwait system call. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Memory leak
EUVDB-ID: #VU17419
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to many bytes of kernel stack were leaked in the msgctl system call implemented in the compatibility layers. A local attacker can obtain data from kernel memory.
Install update from vendor's website.
Vulnerable software versionsNetBSD: 7.0 - 8.0
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-001.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
