4.0.1

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

low complexity

netbsd

CWE-189

NVD

Published: 2009-07-16

Updated: 2017-08-17

Summary

libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via a malformed externalized plist (XML form) containing an undefined element.

Vulnerable Configurations

Part	Description	Count
OS	Netbsd Netbsd Netbsd 4.0 Netbsd Netbsd 4.0.1	2

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-003.txt.asc
http://osvdb.org/55285
http://secunia.com/advisories/35556
http://www.securityfocus.com/bid/35466
http://www.securitytracker.com/id?1022431
https://exchange.xforce.ibmcloud.com/vulnerabilities/51311