Vulnerabilities > CVE-2005-4776 - Denial-Of-Service vulnerability in NetBSD

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

netbsd

NVD

Published: 2005-12-31

Updated: 2008-09-05

Summary

Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges. this vulnerbaility is addressed in the following product versions: NetBSD, NetBSD, 2.0.3, and higher

Vulnerable Configurations

Part	Description	Count
OS	Netbsd Netbsd Netbsd 1.6 Netbsd Netbsd 1.6.1 Netbsd Netbsd 1.6.2 Netbsd Netbsd 2.0 Netbsd Netbsd 2.0.1 Netbsd Netbsd 2.0.2	7

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-008.txt.asc
http://mail-index.netbsd.org/source-changes/2005/09/13/0024.html
http://www.osvdb.org/20757