News
Vigil@nce: NetBSD, denial of service via proplib
June 2009 by Vigil@nce
A local attacker can stop applications or drivers using proplib.
Severity: 1/4
Consequences: denial of service of computer, denial of service of service
Provenance: user shell
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 24/06/2009
IMPACTED PRODUCTS
NetBSD
DESCRIPTION OF THE VULNERABILITY
The proplib library is used to manipulate property lists (plist), using booleans (true, false), integers (integer, real) or strings (string), stored in an XML tree.
The _prop_object_internalize_by_tag() function of the
src/common/lib/libprop/prop_object.c file reads XML tags. However,
when an XML tag is not standard (such as "
A local attacker can therefore stop applications or drivers using proplib.
CHARACTERISTICS
Identifiers: BID-35466, NetBSD-SA2009-003, VIGILANCE-VUL-8819
http://vigilance.fr/vulnerability/NetBSD-denial-of-service-via-proplib-8819
