NetBSD Multiple Bugs in IPsec Lets Remote Users Cause the Target System to Crash - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: OS (UNIX) > NetBSD

Vendors: NetBSD

NetBSD Multiple Bugs in IPsec Lets Remote Users Cause the Target System to Crash

SecurityTracker Alert ID: 1040839

SecurityTracker URL: http://securitytracker.com/id/1040839

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: May 8 2018

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 6.0, 6.1, 7.0, 7.1

Description: Several vulnerabilities were reported in NetBSD. A remote user can cause the target system to crash.

A remote user can send specially crafted IPsec Authentication Header (AH) data to trigger an input validation flaw or use-after-free memory error and cause the system to crash.

A remote user can send specially crafted data to trigger a logic error and cause the system to crash when both IPsec and forwarding is enabled.

A remote user can send specially crafted data to trigger a system panic when encapsulating security payload (ESP) is enabled.

A remote user can trigger a system panic when both IPsec and IPv6 forwarding are enabled.

A remote authenticated user can trigger a use-after-free memory error in the common Tunnel code.

A remote authenticated user can exploit a pointer initialization flaw to cause an IPv6 packet to bypass the "local address spoofing" check.

A remote authenticated user can exploit a length validation flaw to cause the system to crash.

A remote authenticated user can trigger a memory leak and use-after-free memory error and cause the system to crash when both IPv6 and forwarding are enabled.

Maxime Villard reported this vulnerability.

Impact: A remote user can cause the target system to crash.

Solution: The vendor has issued a fix.

The vendor advisory is available at:

https://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc

Vendor URL: ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2018-007.txt.asc (Links to External Site)

Cause: Access control error, Exception handling error, Input validation error, State error

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2019, SecurityGlobal.net LLC