Vigil@nce - NetBSD: denial of service via ICMPV6CTL_ND6_PRLIST
December 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use a command using the ICMPV6CTL_ND6_PRLIST
sysctl on NetBSD, in order to trigger a denial of service.
Impacted products: NetBSD
Severity: 1/4
Creation date: 20/12/2013
DESCRIPTION OF THE VULNERABILITY
The ICMPV6CTL_ND6_PRLIST sysctl obtains the list of IPv6 routing
prefixes. This list is obtained from received Router Advertisement
messages. This sysctl is called by the "ndp -p" command.
However, if the processor does not support unaligned memory
addresses, a fatal error occurs when ICMPV6CTL_ND6_PRLIST
generates the list.
A local attacker can therefore use a command using the
ICMPV6CTL_ND6_PRLIST sysctl on NetBSD, in order to trigger a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/NetBSD-denial-of-service-via-ICMPV6CTL-ND6-PRLIST-13975