The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetBSD

vulnerability note 25814

NetBSD: multiple vulnerabilities via Network Stack

Synthesis of the vulnerability

Impacted products: NetBSD.
Severity: 3/4.
Consequences: user access/rights, denial of service on server, denial of service on client.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 10/04/2018.
Identifiers: NetBSD-SA2018-006, VIGILANCE-VUL-25814.

Description of the vulnerability

An attacker can use several vulnerabilities in the network stack of NetBSD.

vulnerability bulletin 25813

NetBSD: privilege escalation via Xen-amd64

Synthesis of the vulnerability

Impacted products: NetBSD.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 10/04/2018.
Identifiers: NetBSD-SA2018-005, VIGILANCE-VUL-25813.

Description of the vulnerability

An attacker can bypass restrictions via Xen-amd64 of NetBSD, in order to escalate his privileges.

vulnerability bulletin 25283

NetBSD: denial of service via an IPsec AH packet for IPv6

Synthesis of the vulnerability

Impacted products: NetBSD.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 13/02/2018.
Identifiers: NetBSD-SA2018-003, VIGILANCE-VUL-25283.

Description of the vulnerability

An attacker can send an IPsec AH packet for IPv6 with an option of declared size 0 to a NetBSD host, in order to trigger an endless loop in the kernel and thus a host freeze.

vulnerability announce 25282

NetBSD: memory corruption via a fragmented IPv6 packet

Synthesis of the vulnerability

Impacted products: NetBSD.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 13/02/2018.
Identifiers: NetBSD-SA2018-004, VIGILANCE-VUL-25282.

Description of the vulnerability

An attacker who sends a fragmented IPv6 packet with specially packed options can generate a memory corruption in the NetBSD kernel, in order to trigger a denial of service.

computer vulnerability announce 24927

NetBSD: denial of service via virecover

Synthesis of the vulnerability

Impacted products: NetBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 03/01/2018.
Identifiers: NetBSD-SA2018-002, VIGILANCE-VUL-24927.

Description of the vulnerability

An attacker can generate a fatal error via virecover of NetBSD, in order to trigger a denial of service.

computer vulnerability alert 24926

NetBSD: privilege escalation via Context Handling

Synthesis of the vulnerability

Impacted products: NetBSD.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 03/01/2018.
Identifiers: NetBSD-SA2018-001, VIGILANCE-VUL-24926.

Description of the vulnerability

An attacker can bypass restrictions via Context Handling of NetBSD, in order to escalate his privileges.

computer vulnerability note CVE-2017-16612

libXcursor: buffer overflow via Comments

Synthesis of the vulnerability

Impacted products: Debian, Fedora, NetBSD, openSUSE Leap, Solaris, Ubuntu, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 28/11/2017.
Identifiers: bulletinapr2018, CVE-2017-16612, DLA-1201-1, DSA-4059-1, FEDORA-2018-0eed1be1c0, FEDORA-2018-1c5dada34b, openSUSE-SU-2018:0504-1, USN-3501-1, USN-3622-1, VIGILANCE-VUL-24559.

Description of the vulnerability

An attacker can generate a buffer overflow via Comments of libXcursor, in order to trigger a denial of service, and possibly to run code.

computer vulnerability bulletin CVE-2017-16611

libXfont: file corruption via fonts.dir/fonts.alias

Synthesis of the vulnerability

Impacted products: Fedora, NetBSD, Solaris, Ubuntu, XOrg Bundle ~ not comprehensive.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 28/11/2017.
Identifiers: bulletinapr2018, CVE-2017-16611, FEDORA-2018-05b078c373, FEDORA-2018-4f5a3e792f, FEDORA-2018-5a7cd68500, FEDORA-2018-e27b435a7f, USN-3500-1, VIGILANCE-VUL-24558.

Description of the vulnerability

A local attacker can create a symbolic link named fonts.dir/fonts.alias, in order to alter the pointed file, with privileges of libXfont.

vulnerability note CVE-2017-13077 CVE-2017-13078 CVE-2017-13079

WPA2: information disclosure via Key Reinstallation Attacks

Synthesis of the vulnerability

Impacted products: SNS, iOS by Apple, iPhone, Mac OS X, ArubaOS, Cisco Aironet, Cisco AnyConnect Secure Mobility Client, ASA, Meraki MR***, Cisco IP Phone, Cisco Wireless IP Phone, Debian, Fedora, FortiGate, FortiOS, FreeBSD, Android OS, Junos OS, SSG, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, openSUSE Leap, pfSense, 802.11 protocol, RHEL, RuggedSwitch, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, WindRiver Linux.
Severity: 3/4.
Consequences: data reading.
Provenance: radio connection.
Confidence: confirmed by the editor (5/5).
Creation date: 16/10/2017.
Identifiers: ARUBA-PSA-2017-007, CERTFR-2017-ALE-014, CERTFR-2017-AVI-357, CERTFR-2017-AVI-358, CERTFR-2017-AVI-359, CERTFR-2017-AVI-360, CERTFR-2017-AVI-361, CERTFR-2017-AVI-363, CERTFR-2017-AVI-373, CERTFR-2017-AVI-379, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-441, CERTFR-2017-AVI-478, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, cisco-sa-20171016-wpa, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, DLA-1150-1, DLA-1200-1, DLA-1573-1, DSA-3999-1, FEDORA-2017-12e76e8364, FEDORA-2017-45044b6b33, FEDORA-2017-60bfb576b7, FEDORA-2017-cfb950d8f4, FEDORA-2017-fc21e3856b, FG-IR-17-196, FreeBSD-SA-17:07.wpa, HT208221, HT208222, HT208334, HT208394, JSA10827, K-511282, KRACK Attacks, openSUSE-SU-2017:2755-1, openSUSE-SU-2017:2846-1, openSUSE-SU-2017:2896-1, openSUSE-SU-2017:2905-1, openSUSE-SU-2017:3144-1, RHSA-2017:2907-01, RHSA-2017:2911-01, SSA:2017-291-02, SSA-418456, SSA-901333, STORM-2017-005, SUSE-SU-2017:2745-1, SUSE-SU-2017:2752-1, SUSE-SU-2017:2847-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:3106-1, SUSE-SU-2017:3165-1, SUSE-SU-2017:3265-1, SUSE-SU-2017:3267-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, Synology-SA-17:60, Synology-SA-17:60 KRACK, USN-3455-1, USN-3505-1, VIGILANCE-VUL-24144, VU#228519.

Description of the vulnerability

An attacker can bypass access restrictions to data via Key Reinstallation Attacks of WPA2, in order to obtain sensitive information.

vulnerability CVE-2017-12176 CVE-2017-12177 CVE-2017-12178

X.Org Server: multiple vulnerabilities

Synthesis of the vulnerability

Impacted products: Debian, NetBSD, openSUSE Leap, Solaris, Slackware, Ubuntu, Unix (platform) ~ not comprehensive, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 13/10/2017.
Identifiers: bulletinoct2018, CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187, DLA-1186-1, DSA-4000-1, openSUSE-SU-2017:2823-1, SSA:2017-291-03, USN-3456-1, VIGILANCE-VUL-24130.

Description of the vulnerability

An attacker can use several vulnerabilities of X.Org Server.