Slashdot Mirror


NetBSD Announces Four New Security Advisories

Dan writes "The NetBSD project has announced four new security advisories. NetBSD ships with the racoon(8) IKE (Internet Key Exchange) daemon; a vulnerability was found in the code for packet validation of "informational exchange" messages. Inconsistent IPv6 path MTU discovery handling vulnerability states that a malicious party can cause a remote kernel panic by using ICMPv6 "too big" messages. The OpenSSL 0.9.6 ASN.1 parser vulnerability could lead to a possible denial-of-service. Finally, the shmat reference counting bug: a programming error in the shmat(2) system call can result in a shared memory segment's reference count being erroneously incremented."


  1. Darn, FreeBSD also affected. by TheLink · Score: 5, Informative

    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc

    1. Re:Darn, FreeBSD also affected. by Tuzanor · Score: 5, Informative
      All of the BSDs were affected. The bug was first found in FreeBSD about a month ago, then about 2 weeks ago OpenBSD was found to be vulnerable, and now the NetBSD guys have found out too. So it's the same MTU bug.

      This is no surprise, as they all use the same IPv6 stack (KAME).

  2. Run this and all your security problems are solved by NEOtaku17 · Score: 4, Informative

    If you're running an i386, just run this baby and it will get rid of any packages that have been flagged as insecure: ftp://ftp.netbsd.org/pub/NetBSD/packages/1.6.2/i386/All/audit-packages-1.27.tgz. Make sure that you don't need any of the packages it gets rid of before you run it. To see which vulnerabilities it gets rid of, check out this list. Also make sure you don't need anything on this list: ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities

  3. Re:Run this and all your security problems are sol by MobyTurbo · Score: 4, Informative
    > If you're running an i386, just run this baby and it will get rid of any packages that have been flagged as insecure: ftp://ftp.netbsd.org/pub/NetBSD/packages/1.6.2/i386/All/audit-packages-1.27.tgz

    Wrong. This tracks security problems of *packages*, as the name suggests. Problems with the base system, on the other hand, are handled by cvsing the proper source files and recompiling them, as per the advice in the security bulletins. (You *are* a subscriber to the NetBSD security announce list, aren't you? It's not high volume. :-) )