|
NetBSD Insufficient sysctl Argument Handling
|
|
Secunia Advisory:
|
SA9770
|
|
|
Release Date:
|
2003-09-18
|
|
Popularity:
|
6,026 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
DoS
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | NetBSD 1.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Different problems have been identified in the kernel sysctl code, which can lead to exposure of sensitive information or cause a Denial of Service.
Users may be able to cause a NULL pointer dereference because a pointer variable is used for both user-level and kernel addresses. This could possibly be exploited to cause a kernel panic.
Users may be able to invoke the proc.* sysctl tree on a zombie process. This would cause the kernel to dereference invalid process data resulting in a kernel panic.
The sysctl helper performs an insufficient range check for certain sysctl nodes under the proc.curproc.rlimit subtree. This could be exploited to read arbitrary kernel memory space.
Affected versions:
NetBSD-current: source prior to August 25, 2003
NetBSD 1.6.1
NetBSD 1.6
NetBSD-1.5.3
NetBSD-1.5.2
NetBSD-1.5.1
NetBSD-1.5
Solution:
Fixed versions:
NetBSD-current: August 25, 2003
NetBSD-1.6 branch: August 28, 2003
NetBSD-1.5 branch: August 28, 2003
Original Advisory:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-014.txt.asc
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
