Potential intrusion into NetBSD systems via FTP server
The developers of NetBSD have published a security advisory and an additional security note to call attention to vulnerabilities in their operating system.
The advisory describes a buffer overflow in the glob function of the C library, which expands file and directory names, and indicates that the function is used by the FTP service for NetBSD (this service is turned off by default). To exploit the hole, attackers must have enough rights to create directories. A crafted directory name is then used to plant code and execute it with root rights. The developers note that there are applications from other manufacturers that also employ the vulnerable function. The original bug report does not indicate exactly which NetBSD versions are affected. The update removes the flaw.
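The bounds check a glob-style expander needs when it builds path names in a fixed buffer, as an added example in C. It is not NetBSD's libc code: `pathbuf`, `pathbuf_append`, `pathbuf_descend` and the 1024-byte buffer size are assumptions made for illustration. It also shows that nested directory names of 255 bytes each, individually ordinary, exhaust such a buffer after a few levels.

```c
/* Added illustration: bounded path construction for a glob-style expander.
 * All names and sizes here are hypothetical, not NetBSD libc symbols. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATHBUF_LEN 1024          /* assumed size of the expansion buffer */

struct pathbuf {
    char   data[PATHBUF_LEN];
    size_t len;                   /* bytes used, excluding the final NUL */
};

void pathbuf_init(struct pathbuf *p) { p->data[0] = '\0'; p->len = 0; }

/* Append one directory entry, inserting '/' when needed. Returns 0 on
 * success, -1 if it would not fit; on failure the buffer is unchanged. */
int pathbuf_append(struct pathbuf *p, const char *name)
{
    size_t nlen = strlen(name);
    size_t sep  = (p->len > 0 && p->data[p->len - 1] != '/') ? 1 : 0;
    size_t room = sizeof(p->data) - 1 - p->len;   /* keep 1 byte for NUL */

    if (sep > room || nlen > room - sep)          /* no wrapping addition */
        return -1;
    if (sep)
        p->data[p->len++] = '/';
    memcpy(p->data + p->len, name, nlen);
    p->len += nlen;
    p->data[p->len] = '\0';
    return 0;
}

/* Descend into `levels` nested directories all called `name`, as an
 * expander does while recursing. Returns how many levels were accepted. */
size_t pathbuf_descend(struct pathbuf *p, const char *name, size_t levels)
{
    size_t i = 0;
    while (i < levels && pathbuf_append(p, name) == 0)
        i++;
    return i;
}

int main(void)
{
    struct pathbuf p;
    char name[256];
    memset(name, 'A', sizeof(name) - 1);          /* constructed 255-byte name */
    name[sizeof(name) - 1] = '\0';
    pathbuf_init(&p);
    pathbuf_append(&p, "pub");
    printf("levels accepted: %zu\n", pathbuf_descend(&p, name, 10));
    return 0;
}
```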
A further vulnerability, in the FireWire driver, is described in the security note; it allows registered users to spy on portions of the system's kernel memory. Although FireWire support is not normally present in standard NetBSD systems, the developers nevertheless encourage users to update from NetBSD-current to sources dated 16 November 2006 or later. Users of NetBSD-4 should update to versions released after 3 December 2006.
- libc glob(3) buffer overflow, bug advisory from NetBSD
- Kernel memory leakage in firewire interface, bug advisory from NetBSD