|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
NetBSD contains a flaw related to the process file system (procfs) that may allow a malicious user to cause a negative uio_offset. No further details have been provided.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Denial of Service,
Information Disclosure
Impact:
Loss of Confidentiality,
Loss of Availability
Exploit:
Exploit Unavailable
Disclosure:
OSVDB Verified
|
|
Technical |
While specific details regarding this vulnerability were not provided by the vendor, a negative offset should not be permitted when using the process file system (procfs).
If a malicious user causes a negative offset when reading from a procfs file, a system crash and/or kernel memory disclosure will result. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include a user-entered password.
|
|
Solution |
Upgrade to version 2.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
NetBSD
 |
1.2.x |
1.3 |
1.3.x |
1.4 |
1.5 |
1.6 |
1.6.1 |
1.5.x |
2.0 |
1.0 |
1.1 |
1.4.x |
1.6.2 |
2.0.1 |
2.0.2 |
1.2 |
0.9 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
