The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of NetBSD: denial of service via modctl

Synthesis of the vulnerability 

A local attacker can use modctl of NetBSD, in order to trigger a denial of service.
Impacted products: NetBSD.
Severity of this bulletin: 1/4.
Creation date: 27/08/2014.
Revisions dates: 27/08/2014, 09/09/2014.
Références of this threat: NetBSD-SA2014-011, VIGILANCE-VUL-15237.

Description of the vulnerability 

The modctl() system call performs an operation on a kernel module.

The MODCTL_LOAD operation loads a module. The kernel allocates the requested size. However, a size of zero or too large stops the kernel.

A local attacker can therefore use modctl of NetBSD, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity alert impacts software or systems such as NetBSD.

Our Vigil@nce team determined that the severity of this weakness is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this security weakness.

Solutions for this threat 

NetBSD: patch for modctl.
A patch is available in information sources.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides systems vulnerabilities alerts. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.