NetBSD sysctl() Memory Exhaustion Local DoS

2006-04-12T00:00:00
ID OSVDB:24579
Type osvdb
Reporter Matthias Drochner
Modified 2006-04-12T00:00:00

Description

Vulnerability Description

NetBSD contains a flaw that may allow a local denial of service. A malicious local user can cause a system lockup by allocating all available physical memory to a user-supplied buffer in which the results of the sysctl(3) call are stored, resulting in loss of availability for the platform.

Solution Description

Obtain fixed kernel sources, rebuild and install the new kernel, and reboot the system.

The fixed source may be obtained from the NetBSD CVS repository.


References:

Vendor URL: http://www.netbsd.org
Vendor Specific Advisory URL
Security Tracker: 1015909
Secunia Advisory ID: 19616
Mail List Post: http://archives.neohapsis.com/archives/netbsd/2006-q2/0018.html
Keyword: NetBSD Security Advisory 2006-013
ISS X-Force ID: 25764
CVE-2006-1814
Bugtraq ID: 17498