Main Vulnerability Database Vulnerabilities #VU87316

#VU87316 Spoofing attack in NetBSD

Published: March 11, 2024

Vulnerability identifier: #VU87316

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-451

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
NetBSD

Software vendor:
NetBSD Foundation, Inc

Description

The vulnerability allows a local user to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data within the utmp_update(8) command when handling hostnames. A local user can inject specially crafted data into the utmpx(5) database and spoof content of log files or display arbitrary output for tools, which display hostnames from utmpx(5) databases such us w(1) or who(1).

Remediation

Install updates from vendor's website.

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-001.txt.asc

#VU87316 Spoofing attack in NetBSD

Description

Remediation

External links

Please verify you're human