SB2019050304 - Multiple vulnerabilities in NetBSD
Published: May 3, 2019
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Buffer overflow (CVE-ID: N/A)
The vulnerability allows a local user to execute arbitrary code on the target system with elevated privileges.
The vulnerability exists due to a boundary error when validating arguments in the mq_send(3) system call. A local unprivileged user can create a specially crafted application, run it on the affected system, trigger memory corruption and overwrite kernel memory.
2) Memory leak (CVE-ID: N/A)
The vulnerability allows a local user to gain access to sensitive kernel information.
The vulnerability exists due to a memory leak within the SIOCGIFCONF IOCTL command. A local user can read a huge amount of kernel memory, including pointers that can be used to bypass KASLR and stack canaries that can be used to exploit stack buffer overflows.
Remediation
Install update from vendor's website.