Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-32


NetBSD ARP Processing Flaws Let Remote Users Obtain Potentially Sensitive Information and Deny Service
Severity Rating: Medium
Systems Affected:
  • NetBSD versions 6.0 - 6.0.5, 6.1 - 6.1.4, 7.0 - 7.0.2
Description
Two vulnerabilities were reported in NetBSD. Remote attackers can exploit them to obtain sensitive information from the affected systems or to cause a denial of service. The vulnerabilities reported are as follows:
 
  • A vulnerability exists that can allow a remote attacker to send specially crafted ARP requests to the affected system. This can trigger a memory leak and consume excessive memory. Successful exploitation can lead to a kernel panic.

  • A vulnerability exists that can allow a remote user to send an ARP request with specially crafted hardware and protocol length values. This can cause the target system to respond with portions of uninitialized kernel data.
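
The second issue depends on the hardware and protocol length fields that the sender places in the ARP header. As an added illustration (not NetBSD's code or its patch), the C sketch below shows the consistency check a receiver or monitoring sensor can apply to an Ethernet/IPv4 ARP payload before acting on it; the function name, verdict codes and sample packets are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed ARP header is 8 bytes (RFC 826); the four addresses follow it. */
enum { ARP_HDR_LEN = 8, ARP_HRD_ETHER = 1, ARP_PRO_IPV4 = 0x0800 };
enum arp_verdict { ARP_OK, ARP_TRUNCATED, ARP_BAD_TYPE, ARP_BAD_LEN };

/* Check an ARP payload (the bytes after the Ethernet header). */
enum arp_verdict arp_check(const uint8_t *p, size_t len)
{
    if (len < ARP_HDR_LEN)
        return ARP_TRUNCATED;
    uint16_t hrd = (uint16_t)((p[0] << 8) | p[1]);
    uint16_t pro = (uint16_t)((p[2] << 8) | p[3]);
    uint8_t hln = p[4], pln = p[5];
    if (hrd != ARP_HRD_ETHER || pro != ARP_PRO_IPV4)
        return ARP_BAD_TYPE;
    /* Both lengths are sender-controlled; they must match the declared types. */
    if (hln != 6 || pln != 4)
        return ARP_BAD_LEN;
    /* Sender and target hardware/protocol addresses must all be present. */
    if (len < ARP_HDR_LEN + 2u * hln + 2u * pln)
        return ARP_TRUNCATED;
    return ARP_OK;
}

/* Constructed samples; IPs are from the 192.0.2.0/24 documentation range. */
const uint8_t sample_ok[28] = {
    0x00, 0x01, 0x08, 0x00, 6, 4, 0x00, 0x01,      /* header, op = request */
    0x02, 0, 0, 0, 0, 0x01, 192, 0, 2, 1,          /* sender MAC + IP */
    0, 0, 0, 0, 0, 0, 192, 0, 2, 2 };              /* target MAC + IP */
const uint8_t sample_bad_len[28] = {
    0x00, 0x01, 0x08, 0x00, 16, 4, 0x00, 0x01 };   /* hln = 16 on Ethernet */

int main(void)
{
    printf("well-formed request: %d\n", arp_check(sample_ok, sizeof sample_ok));
    printf("oversized hln:       %d\n", arp_check(sample_bad_len, sizeof sample_bad_len));
    printf("cut short at 20 B:   %d\n", arp_check(sample_ok, 20));
    return 0;
}
```
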
 
Solution
Users are advised to apply updates.
More information about the update is available on:
 
Vendor Information
NetBSD
 
References
Security Tracker
 
NetBSD
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis