Slashdot Mirror

← Back to Stories (view on slashdot.org)

NetBSD Announces Four New Security Advisories

Posted by CowboyNeal on from the staying-wary dept.

Dan writes "The NetBSD project has announced four new security advisories. NetBSD ships with the racoon(8) IKE (Internet Key Exchange) daemon, a vulnerability was found in the code for packet validation of "informational exchange" messages. Inconsistent IPv6 path MTU discovery handling vulnerability states that a malicious party can cause a remote kernel panic by using ICMPv6 "too big" messages. The OpenSSL 0.9.6 ASN.1 parser vulnerability could lead to a possible denial-of-service. Finally, shmat reference counting bug - programming error in the shmat(2) system call can result in a shared memory segment's reference count being erroneously incremented."

5 of 62 comments (clear)

  1. Darn, FreeBSD also affected. by TheLink · · Score: 5, Informative

    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/ FreeBSD-SA-04:02.shmat.asc

    --
    1. Re:Darn, FreeBSD also affected. by Tuzanor · · Score: 5, Informative
      All of the BSDs were affected. The bug was first found in freebsd about a month ago, then about 2 weeks ago OpenBSD was found to be vulnerable, and now the netbsd guys have found out too. So its the same MTU bug.

      This is no surprise, as they all use the same IPv6 stack (KAME).

  2. Run this and all your security problems are solved by NEOtaku17 · · Score: 4, Informative

    If your running an i386 just run this baby and it will get rid of any packages that have been flagged as insecure ftp://ftp.netbsd.org/pub/NetBSD/packages/1.6.2/i38 6/All/audit-packages-1.27.tgz Make sure that you don't need any of the packages it get's rid of before you run it. Too see which vulnerabilities it get's rid of check out this list. Also make sure you don't need anything on this list .ftp://ftp.netbsd.org/pub/NetBSD/packages/distfile s/vulnerabilities

    --
    Creative Demolition
  3. Re:Run this and all your security problems are sol by MobyTurbo · · Score: 4, Informative
    If your running an i386 just run this baby and it will get rid of any packages that have been flagged as insecure ftp://ftp.netbsd.org/pub/NetBSD/packages/1.6.2/i38 6/All/audit-packages-1.27.tgz
    Wrong. This tracks security problems of *packages*, as the name suggests. Problems with the base system, on the other hand, are handled by cvsing the proper source files and recompiling them; as per the advice in the security bulletins. (You *are* a subscriber to the NetBsd security announce list, aren't you? It's not high volume. :-) )
  4. Re:Did we copy the Windows Source Code? by eht · · Score: 2, Informative

    Actually largely all of them have code all intertwined, FreeBSD and NetBSD don't write their own OpenSSH apps for example, they borroww OpenBSD's, then again so does almost everyone else.

    NetBSD is actually the oldest of the current BSD's derived from BSD Net/2 (4.3BSD Lite), 386BSD was derived from that and FreeBSD is derived from 386BSD, both later got code from 4.4BSD Lite, and shortly after that OpenBSD was derived from NetBSD.

    Sort of like the bible, with "And Aramus begat Aramus Junior, who begat Aramus Junior Junior."