Notifications: New Vulnerabilities in NetBSD September 12, 2014

Posted: September 12, 2014 in Vulnerability News

Cyber Security Notifications: New Vulnerabilities of September 2014

Security vulnerabilities related to NetBSD: descriptions of vulnerabilities in this vendor's products, as of September 12, 2014.

This post presents and discloses newly found NetBSD security vulnerabilities affecting the local network.

#1 Denial of service in NetBSD

Danger: Low
Fix availability: corrective instructions
Number of vulnerabilities: 4
CVSSv2 Rating: (AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:W/RC:C) =

Exploitation vector: Local
Impact: Denial of service

Affected products: NetBSD 5.1.x, 5.2.x, 6.0.x, 6.1.x
Affected versions: NetBSD 6.0.4, 6.1.4

Description:

The vulnerabilities allow a local user to cause a denial of service.

1. The vulnerability is caused by an error in the “COMPAT_FREEBSD” compatibility option when processing the “sched_getparam()” system call. A local user can cause a denial of service.
2. The vulnerability is caused by an error in the “COMPAT_NETBSD32” compatibility option when processing the “kevent()” system call. A local user can cause a denial of service.
3. The vulnerability is caused by an error in the “COMPAT_OSF1” compatibility option when processing the “getdirentries()” system call. A local user can cause a denial of service.
4. The vulnerability is caused by an error in the ELF binary loader in combination with the “COMPAT_LINUX32” and “COMPAT_LINUX” compatibility options. A local user can cause a denial of service.

Solution: Install the update from the source code repository.
Links: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-010.txt.asc


#2 Denial of service in NetBSD

Danger: Low
Fix availability: corrective instructions
Number of vulnerabilities: 2

Exploitation vector: Local
Impact: Denial of service

Affected products: NetBSD 6.0.x, NetBSD 6.1.x
Affected versions: NetBSD 6.0.4, NetBSD 6.1.4

Description:

The vulnerabilities allow a local user to cause a denial of service.

1. The vulnerability is caused by an error when processing the “execve()” system call. A local user can cause a denial of service.
2. The vulnerability is caused by an error when processing the “execve()” system call, at the point where the user stack size is calculated. A local user can cause a denial of service.

Solution: Install the update from the source code repository.
Links: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-009.txt.asc

#3 Denial of service in NetBSD

Danger: Low
Fix availability: corrective instructions
Number of vulnerabilities: 1
CVSSv2 Rating: (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:C) = Base: 2.1 / Temporal: 1.7

Exploitation vector: Local
Impact: Denial of service

Affected products: NetBSD 6.1.x, NetBSD 6.0.x, NetBSD 5.2.x, NetBSD 5.1.x
Affected versions: NetBSD 5.1.4, NetBSD 5.2.2, NetBSD 6.0.5, NetBSD 6.1.4

Description:

The vulnerability allows a local user to cause a denial of service.

The vulnerability is caused by an error when processing the “setsockopt()” system call for IPv6 sockets. A local user can cause a denial of service.

Solution: Install the update from the source code repository.
Links: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-012.txt.asc


NetBSD is a free, fast, secure, and highly portable Unix-like Open Source operating system.

Manufacturer URL: http://www.netbsd.org/
