NetBSD Security Officer | 4 Aug 20:17 2003

NetBSD Security Advisory 2003-011: off-by-one error in realpath(3)


-----BEGIN PGP SIGNED MESSAGE-----

		 NetBSD Security Advisory 2003-011
		 =================================

Topic:		off-by-one error in realpath(3)

Version:	NetBSD-current:	source prior to August 4, 2003
		NetBSD 1.6.1:	affected
		NetBSD 1.6:	affected
		NetBSD-1.5.3:	affected
		NetBSD-1.5.2:	affected
		NetBSD-1.5.1:	affected
		NetBSD-1.5:	affected

Severity:	Possible remote buffer overrun/root compromise

Fixed:		NetBSD-current:		August 4, 2003
		NetBSD-1.6 branch:	August 5, 2003 (1.6.2 will include the fix)
		NetBSD-1.5 branch:	Awaiting pullups

Abstract
========

In the library function realpath(3), there was a string manipulation
mistake which could lead to a 1-byte buffer overrun.  realpath(3) is
being used by important network daemons such as ftpd(8);
therefore the vulnerability could be remotely exploitable.


NetBSD Security Officer | 4 Aug 20:13 2003

NetBSD Security Advisory 2003-010: remote panic in OSI networking code


-----BEGIN PGP SIGNED MESSAGE-----

		 NetBSD Security Advisory 2003-010
		 =================================

Topic:		remote panic in OSI networking code

Version:	NetBSD-current:	source prior to May 26, 2003
		NetBSD 1.6.1:	affected
		NetBSD 1.6:	affected
		NetBSD-1.5.3:	affected
		NetBSD-1.5.2:	affected
		NetBSD-1.5.1:	affected
		NetBSD-1.5:	affected

Severity:	remote system crash possible on OSI connected systems

Fixed:		NetBSD-current:		May 26, 2003
		NetBSD-1.6 branch:	May 26, 2003 (1.6.2 will include the fix)
		NetBSD-1.5 branch:	May 28, 2003

Abstract
========

It is possible to crash an OSI connected system remotely by sending it
a carefully prepared OSI networking packet.

Technical Details
=================

