Main Vulnerability Database Vulnerabilities #VU39815

Input validation error in NetBSD - CVE-2015-8212

Published: January 19, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39815

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2015-8212

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: NetBSD Foundation, Inc

Affected software:
NetBSD

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.

How to mitigate CVE-2015-8212

Install update from vendor's website.

Sources

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc
http://www.securitytracker.com/id/1035673

Input validation error in NetBSD - CVE-2015-8212

Detailed vulnerability description

How to mitigate CVE-2015-8212

Sources

Please verify you're human