Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)


NetBSD ARP Processing Flaws Let Remote Users Obtain Potentially Sensitive Information and Deny Service
Severity Rating: Medium
Systems Affected:
  • NetBSD versions 6.0 - 6.0.5, 6.1 - 6.1.4, 7.0 - 7.0.2
Two vulnerabilities were reported in NetBSD and can be exploited by remote attackers to gain knowledge of sensitive information on the affected systems. The vulnerabilities reported are as follows:
·         A vulnerability exists that can allow a remote attacker to send a specially crafted ARP requests on the affected system. This can trigger a memory leak and consume excessive memory. Successful exploitation can lead to a kernel panic.
·         A vulnerability exists that can allow a remote user to send an ARP request with specially crafted hardware and protocol length values. This can cause the target system to respond with portions of uninitialized kernel data.
Users are advised to apply updates.
More information about the update is available on:
Vendor Information
Security Tracker
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis