Multiple vulnerabilities in NetBSD
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | N/A |
| CWE-ID | CWE-362 CWE-264 CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
NetBSD Operating systems & Components / Operating system |
| Vendor | NetBSD Foundation, Inc |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Race condition
EUVDB-ID: #VU67909
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in mail.local(8) (/usr/libexec/mail.local), caused by an insufficient fix for #VU196 (CVE-2016-6253). A local user can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNetBSD: 8.0 - 9.2
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2022-003.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67908
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to missing permission checks, which allows to reuse open descriptors, exposed in the procfs(5) [pid]/fd/ directory. A local user can bypass permission checks and read data from opened descriptor.
Install updates from vendor's website.
Vulnerable software versionsNetBSD: 8.0 - 9.2
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2022-004.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU67907
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in coredump handling code. A local user can trigger a use-after-free error and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsNetBSD: 8.0 - 9.2
External linkshttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2022-002.txt.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
