Main Vulnerability Database Vulnerabilities #VU5867

Out-of-bounds read in NetBSD - #VU5867

Published: February 19, 2017

Vulnerability identifier: #VU5867

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-125

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: NetBSD Foundation, Inc

Affected software:
NetBSD

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to insufficient validation of hardware and protocol lengths when processing ARP headers. A remote unauthenticated attacker in one network segment with vulnerable system can send specially crafted ARP packet with the highest encodable lengths and cause the kernel to copy in the reply packet more data than is available. A remote attacker can obtain 249 bytes of kernel memory over an Ethernet link.

Successful exploitation may allow an attacker to obtain potentially sensitive information from kernel memory.

Remediation

Install update from CVS repository.

Sources

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc

Out-of-bounds read in NetBSD - #VU5867

Detailed vulnerability description

Remediation

Sources

Please verify you're human