NetBSD audio_write() Filter List Modification Local DoS

2006-04-27T00:00:00
ID OSVDB:25086
Type osvdb
Reporter Christian Biere(christianbiere@gmx.de)
Modified 2006-04-27T00:00:00

Description

Vulnerability Description

NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user changes the sample rate of an audio device during playback, and will result in loss of availability for the platform.

Solution Description

Update from CVS, re-build, and re-install the kernel:

cd src

cvs update -d -P sys/dev/audio.c

cvs update -d -P sys/dev/audio_if.h

cvs update -d -P sys/dev/audiovar.h

./build.sh kernel=KERNCONF

mv /netbsd /netbsd.old

cp sys/arch/ARCH/compile/obj/KERNCONF/netbsd /netbsd

shutdown -r now

Short Description

NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user changes the sample rate of an audio device during playback, and will result in loss of availability for the platform.

References:

Vendor URL: http://www.netbsd.org Vendor Specific Advisory URL Security Tracker: 1016004 CVE-2006-2205