NetBSD ARP Processing Flaws Let Remote Users Obtain Potentially Sensitive Information and Deny Service
Severity Rating: Medium
- NetBSD versions 6.0 - 6.0.5, 6.1 - 6.1.4, 7.0 - 7.0.2
Two vulnerabilities were reported in NetBSD's ARP processing. Remote attackers can exploit them to obtain potentially sensitive information from affected systems or to cause a denial of service. The vulnerabilities are as follows:
· A remote attacker can send specially crafted ARP requests to the affected system. This can trigger a memory leak and consume excessive memory. Successful exploitation can lead to a kernel panic.
· A vulnerability exists that can allow a remote user to send an ARP request with specially crafted hardware and protocol length values. This can cause the target system to respond with portions of uninitialized kernel data.
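The second issue comes down to trusting the hardware and protocol length fields of an incoming ARP request. The following is an added example, not NetBSD's code or its patch: a generic check for Ethernet/IPv4 ARP that rejects mismatched length fields and builds the reply in a zeroed buffer from fixed-size fields only. All names and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARP_FIXED 8u   /* htype(2) ptype(2) hlen(1) plen(1) oper(2) */
#define ETH_ALEN  6u
#define IP4_ALEN  4u
#define ARP_LEN   (ARP_FIXED + 2u * (ETH_ALEN + IP4_ALEN))  /* 28 bytes */

enum arp_verdict { ARP_OK, ARP_TRUNCATED, ARP_BAD_TYPE, ARP_BAD_LENGTHS };

/* Constructed samples (not captured traffic): who-has 192.0.2.1 tell 192.0.2.7 */
static const uint8_t sample_ok[ARP_LEN] = {
    0,1, 8,0, 6,4, 0,1,  2,0,0,0,0,7, 192,0,2,7,  0,0,0,0,0,0, 192,0,2,1 };
/* Same frame, but hlen/plen disagree with the declared Ethernet/IPv4 types. */
static const uint8_t sample_bad[ARP_LEN] = {
    0,1, 8,0, 8,6, 0,1,  2,0,0,0,0,7, 192,0,2,7,  0,0,0,0,0,0, 192,0,2,1 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate an ARP payload (bytes after the Ethernet header) before use. */
enum arp_verdict arp_check(const uint8_t *p, size_t len)
{
    if (p == NULL || len < ARP_FIXED)
        return ARP_TRUNCATED;
    if (be16(p) != 1 || be16(p + 2) != 0x0800)   /* Ethernet / IPv4 only */
        return ARP_BAD_TYPE;
    if (p[4] != ETH_ALEN || p[5] != IP4_ALEN)    /* lengths must match types */
        return ARP_BAD_LENGTHS;
    return len < ARP_LEN ? ARP_TRUNCATED : ARP_OK;
}

/* Build a reply from fixed-size fields only; returns bytes written, 0 if dropped. */
size_t arp_build_reply(const uint8_t *req, size_t len, const uint8_t *my_mac,
                       uint8_t *out, size_t cap)
{
    if (arp_check(req, len) != ARP_OK || be16(req + 6) != 1 || cap < ARP_LEN)
        return 0;
    memset(out, 0, cap);                 /* no stale memory can leave the host */
    memcpy(out, req, 6);                 /* htype, ptype, hlen, plen (validated) */
    out[7] = 2;                          /* oper = reply */
    memcpy(out + 8, my_mac, ETH_ALEN);   /* sender hardware address */
    memcpy(out + 14, req + 24, IP4_ALEN);            /* sender IP = requested IP */
    memcpy(out + 18, req + 8, ETH_ALEN + IP4_ALEN);  /* target = original sender */
    return ARP_LEN;
}
```

A request whose length fields fail the check is dropped rather than answered, so the reply size never depends on attacker-supplied values.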
Users are advised to apply updates.
More information about the update is available on:
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street