|
 |
|
NetBSD Update Fixes Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA17389
|
|
|
Release Date:
|
2005-11-02
|
|
Last Update:
|
2006-02-03
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Privilege escalation
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | NetBSD 1.x
|
|
| | CVE reference: | CVE-2004-0396 (Secunia mirror)
CVE-2004-0414 (Secunia mirror)
CVE-2004-0416 (Secunia mirror)
CVE-2004-0417 (Secunia mirror)
CVE-2004-0418 (Secunia mirror)
CVE-2005-0468 (Secunia mirror)
CVE-2005-0469 (Secunia mirror)
CVE-2005-0753 (Secunia mirror)
CVE-2005-2496 (Secunia mirror)
CVE-2005-2693 (Secunia mirror)
CVE-2005-2969 (Secunia mirror)
CVE-2005-4691 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in NetBSD, which can be exploited by malicious, local users to gain escalated privileges, or by malicious users to cause a DoS (Denial of Service) and compromise a vulnerable system, or by malicious people to bypass certain security restrictions and compromise a user's system.
1) Some boundary errors exist in the telnet client. This can be exploited by malicious people to compromise a user's system.
For more information:
SA14745
2) Multiple vulnerabilities exist in CVS. These can be exploited by malicious users to cause a DoS (Denial of Service) and compromise a vulnerable system, or by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
For more information:
SA11641
SA11817
SA16553
SA14976
3) An integer overflow error in the FreeBSD compatibility code can lead to heap corruption. This may be exploited by local users to cause a DoS and potentially to execute arbitrary code with root privileges.
4) Temporary files are being created insecurely in the "/tmp" directory by "imake" when generating pre-formatted manual pages. This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user running the affected script.
5) A vulnerability exists in OpenSSL, which potentially can be exploited by malicious people to bypass certain security restrictions.
For more information:
SA17151
6) A security issue exists in ntpd, which can cause ntpd to run with incorrect group permissions.
For more information:
SA16602
7) An error exists the "ptrace()" function when checking for process privileges before attaching to a process. This can be exploited to attach to a suid process that calls "exec()". This potentially allows local privilege escalation by altering the behaviour of the process or by injecting additional syscalls.
Solution:
The vulnerabilities have been fixed in the following versions:
* NetBSD-current (October 31, 2005)
* NetBSD-1.6 branch (November 1, 2005)
Provided and/or discovered by:
3) Christer Oeberg
4) Jeremy C. Reed
7) Tavis Ormandy
Changelog:
2006-02-03: Added CVE reference.
Original Advisory:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-004.txt.asc
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-006.txt.asc
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-008.txt.asc
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-009.txt.asc
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-010.txt.asc
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-011.txt.asc
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-013.txt.asc
Other References:
SA14745:
http://secunia.com/advisories/14745/
SA11641:
http://secunia.com/advisories/11641/
SA11817:
http://secunia.com/advisories/11817/
SA16553:
http://secunia.com/advisories/16553/
SA14976:
http://secunia.com/advisories/14976/
SA17151:
http://secunia.com/advisories/17151/
SA16602:
http://secunia.com/advisories/16602/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
52 Related Secunia Security Advisories, displaying 10
|
|
|
1. NetBSD "sysctl()" Local Denial of Service Vulnerability
|
|
2. NetBSD SIOCGIFALIAS "ioctl()" Denial of Service Vulnerability
|
|
3. NetBSD False Intel Hardware RNG Detection Security Issue
|
|
4. NetBSD Sendmail Memory Corruption Vulnerability
|
|
5. NetBSD mail Insecure Record File Creation
|
|
6. NetBSD if_bridge Kernel Memory Disclosure Vulnerability
|
|
7. NetBSD racoon IKE Message Processing Denial of Service
|
|
8. NetBSD Kernfs Kernel Memory Disclosure Vulnerability
|
|
9. NetBSD Audio Drivers ioctl Denial of Service Vulnerability
|
|
10. NetBSD "compat" Privilege Escalation Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
