Vigil@nce - NetBSD: three vulnerabilities of Compatibility Layers
June 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Compatibility
Layers of NetBSD.
Impacted products: NetBSD.
Severity: 2/4.
Creation date: 22/04/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in NetBSD.
An attacker can create a memory leak in COMPAT_NETBSD32 sendmsg,
in order to trigger a denial of service. [severity:1/4]
An attacker can generate a buffer overflow in COMPAT_NETBSD32
ioctl, in order to trigger a denial of service, and possibly to
run code. [severity:2/4]
An attacker can trigger a fatal error in COMPAT_OSF1 sendmsg, in
order to trigger a denial of service. [severity:1/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/NetBSD-three-vulnerabilities-of-Compatibility-Layers-19439