Multiple vulnerabilities in NetBSD



Published: 2023-06-28
Risk: Medium
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2023-3326
CWE-ID: CWE-287, CWE-276, CWE-401, CWE-125, CWE-119, CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: NetBSD (Operating systems & Components / Operating system)
Vendor: NetBSD Foundation, Inc

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Improper Authentication

EUVDB-ID: #VU77582

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3326

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error in the pam_krb5 module. A remote attacker with the ability to control the password and KDC responses can return a valid TGT and bypass the authentication process.

Successful exploitation of the vulnerability requires a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NetBSD: 8.0 - 10

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-006.txt.asc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Incorrect default permissions

EUVDB-ID: #VU77772

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because /proc/N/environ is world-readable. A local user can read files in the folder and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NetBSD: 8.0 - 10

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-004.txt.asc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU77771

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to structure padding. A local user can trigger a memory leak and gain access to sensitive information.
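
The structure-padding disclosure class described above, shown as an added example (it is not NetBSD code and is not taken from the advisory): a structure whose fields are set one by one still carries whatever its padding bytes held before, and zeroing the whole structure first removes them. The names struct reply and stale_bytes_in_reply, and the 0xAA fill standing in for earlier memory contents, are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reply structure: the compiler inserts padding after `tag`
 * so that `value` is naturally aligned. */
struct reply {
    uint8_t  tag;
    uint32_t value;
};

/* Byte range occupied by the padding between `tag` and `value`. */
#define PAD_START (offsetof(struct reply, tag) + sizeof(uint8_t))
#define PAD_END   offsetof(struct reply, value)

/* Builds a reply in memory that previously held other data (0xAA is the
 * constructed stand-in for stale contents), copies it out byte for byte as
 * a kernel-to-user copy would, and counts stale bytes visible in the copy. */
size_t stale_bytes_in_reply(int zero_first)
{
    unsigned char out[sizeof(struct reply)];
    struct reply *r = malloc(sizeof *r);
    size_t i, stale = 0;

    if (r == NULL)
        return (size_t)-1;
    memset(r, 0xAA, sizeof *r);      /* constructed "previous contents" */

    if (zero_first)
        memset(r, 0, sizeof *r);     /* hardened: clears padding as well */
    r->tag = 1;                      /* field-by-field init skips padding */
    r->value = 0x01020304;

    memcpy(out, r, sizeof *r);       /* whole object leaves the trust boundary */
    free(r);

    for (i = PAD_START; i < PAD_END; i++)
        if (out[i] == 0xAA)
            stale++;
    return stale;
}

int main(void)
{
    printf("fields only: %zu stale bytes, zeroed first: %zu stale bytes\n",
           stale_bytes_in_reply(0), stale_bytes_in_reply(1));
    return 0;
}
```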

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NetBSD: 8.0 - 10

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-003.txt.asc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU77770

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the compat_netbsd32, compat_linux and compat_linux32 subsystems. A local user can execute a specially crafted syscall, trigger an out-of-bounds read error and read contents of kernel memory.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NetBSD: 8.0 - 10

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-002.txt.asc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU77769

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the src/sys/dev/usb/uthum.c USB device driver. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NetBSD: 8.0 - 10

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-001.txt.asc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU77768

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a logic error in the pam_ksu(8) implementation on systems that use the module to authenticate an unprivileged user calling the su(1) command. A local user can authenticate as an arbitrary user and compromise the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

NetBSD: 8.0 - 10

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-005.txt.asc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


