NetBSD F_CLOSEM fcntl() Local DoS

2005-10-31T00:00:00
ID OSVDB:20755
Type osvdb
Reporter Brian Marcotte
Modified 2005-10-31T00:00:00

Description

Vulnerability Description

NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user calls the F_CLOSEM fcntl() with the parameter 0, which causes an infinite loop in the kernel and results in a loss of availability for the platform.

Solution Description

Upgrade to version 2.0 dated after the correction date, or higher, as it has been reported to fix this vulnerability. An upgrade is required because there are no known workarounds.

References:

Vendor Specific Advisory URL CVE-2005-4733