Cyber Security Notifications: New Vulnerabilities of September 2014
Security vulnerabilities related to NetBSD: descriptions of vulnerabilities in this vendor's products, as of September 12, 2014.
This post presents and discloses newly found NetBSD security vulnerabilities that affect the local network.
#1 Denial of service in NetBSD
Severity: Low
Fix availability: Corrective instructions
Number of vulnerabilities: 4
CVSSv2 Rating: (AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:W/RC:C) =
Attack vector: Local
Impact: Denial of service
Affected products: NetBSD 5.1.x, 5.2.x, 6.0.x, 6.1.x
Affected versions: NetBSD 6.0.4, 6.1.4
Description:
Vulnerabilities allow a local user to cause a denial of service.
1. The vulnerability is caused by an error related to the “COMPAT_FREEBSD” compatibility option in the processing of the “sched_getparam()” system call. A local user can cause a denial of service.
2. The vulnerability is caused by an error related to the “COMPAT_NETBSD32” compatibility option in the processing of the “kevent()” system call. A local user can cause a denial of service.
3. The vulnerability is caused by an error related to the “COMPAT_OSF1” compatibility option in the processing of the “getdirentries()” system call. A local user can cause a denial of service.
4. The vulnerability is caused by an error in the ELF binary loader, in combination with the “COMPAT_LINUX32” and “COMPAT_LINUX” compatibility options. A local user can cause a denial of service.
Solution: Install the update from the source code repository.
Links: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-010.txt.asc
#2 Denial of service in NetBSD
Severity: Low
Fix availability: Corrective instructions
Number of vulnerabilities: 2
Attack vector: Local
Impact: Denial of service
Affected products: NetBSD 6.0.x, NetBSD 6.1.x
Affected versions: NetBSD 6.0.4, NetBSD 6.1.4
Description:
Vulnerabilities allow a local user to cause a denial of service.
1. The vulnerability is caused by an error in the processing of the “execve()” system call. A local user can cause a denial of service.
2. The vulnerability is caused by an error in the processing of the “execve()” system call when the user stack size is calculated. A local user can cause a denial of service.
Solution: Install the update from the source code repository.
Links: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-009.txt.asc
#3 Denial of service in NetBSD
Severity: Low
Fix availability: Corrective instructions
Number of vulnerabilities: 1
CVSSv2 Rating: (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:C) = Base: 2.1 / Temporal: 1.7
Attack vector: Local
Impact: Denial of service
Affected products: NetBSD 6.1.x, NetBSD 6.0.x, NetBSD 5.2.x, NetBSD 5.1.x
Affected versions: NetBSD 5.1.4, NetBSD 5.2.2, NetBSD 6.0.5, NetBSD 6.1.4
Description:
The vulnerability allows a local user to cause a denial of service.
The vulnerability is caused by an error in the processing of the “setsockopt()” system call for IPv6 sockets. A local user can cause a denial of service.
Solution: Install the update from the source code repository.
Links: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-012.txt.asc
NetBSD is a free, fast, secure, and highly portable Unix-like Open Source operating system.
Manufacturer URL: http://www.netbsd.org/