NetBSD Security Advisories

NetBSD Security Advisories are available at

An HTML archive of advisories is also available.

NOTE: THE MIRROR AT IS NOT CURRENT AS OF THE LAST MIRRORED DATE. But they are temporarily available here.

Date of Last Mirrored Security Advisory: 2005-05-22 (yyyy-mm-dd)

NetBSD summaries linked below:
2005  2004   2003  2002   2001  2000   1999  1998  

Security Notices


NetBSD-SA2004-010.txt.asc Insufficient argument validation in compat code
NetBSD-SA2004-009.txt.asc ftpd root escalation
NetBSD-SA2004-008.txt.asc CVS server vulnerability
NetBSD-SA2004-007.txt.asc Systrace systrace_exit() local root
NetBSD-SA2004-006.txt.asc TCP protocol and implementation vulnerability
NetBSD-SA2004-005.txt.asc Denial of service vulnerabilities in OpenSSL
NetBSD-SA2004-004.txt.asc shmat reference counting bug
NetBSD-SA2004-003.txt.asc OpenSSL 0.9.6 ASN.1 parser vulnerability
NetBSD-SA2004-002.txt.asc Inconsistent IPv6 path MTU discovery handling
NetBSD-SA2004-001.txt.asc Insufficient packet validation in racoon IKE daemon


NetBSD-SA2003-018.txt.asc DNS negative cache poisoning
NetBSD-SA2003-017.txt.asc OpenSSL multiple vulnerabilities
NetBSD-SA2003-016.txt.asc Sendmail - another prescan() bug CAN-2003-0694
NetBSD-SA2003-015.txt.asc Remote and local vulnerabilities in XFree86 font libraries
NetBSD-SA2003-014.txt.asc Insufficient argument checking in sysctl(2)
NetBSD-SA2003-013.txt.asc Kernel memory disclosure via ibcs2
NetBSD-SA2003-012.txt.asc Out of bounds memset(0) in sshd
NetBSD-SA2003-011.txt.asc off-by-one error in realpath(3)
NetBSD-SA2003-010.txt.asc remote panic in OSI networking code
NetBSD-SA2003-009.txt.asc sendmail buffer overrun in prescan() address parser
NetBSD-SA2003-008.txt.asc faulty length checks in xdrmem_getbytes
NetBSD-SA2003-007.txt.asc (Another) Encryption weakness in OpenSSL code
NetBSD-SA2003-006.txt.asc Cryptographic weaknesses in Kerberos v4 protocol
NetBSD-SA2003-005.txt.asc RSA timing attack in OpenSSL code
NetBSD-SA2003-004.txt.asc Format string vulnerability in zlib gzprintf()
NetBSD-SA2003-003.txt.asc Buffer Overflow in file(1)
NetBSD-SA2003-002.txt.asc Malformed header Sendmail Vulnerability
NetBSD-SA2003-001.txt.asc Encryption weakness in OpenSSL code


NetBSD-SA2002-029.txt.asc named(8) multiple denial of service and remote execution of code
NetBSD-SA2002-028.txt.asc Buffer overrun in getnetbyname/getnetbyaddr
NetBSD-SA2002-027.txt.asc ftpd STAT output non-conformance can deceive firewall devices
NetBSD-SA2002-026.txt.asc Buffer overflow in kadmind daemon
NetBSD-SA2002-025.txt.asc trek(6) buffer overrun
NetBSD-SA2002-024.txt.asc IPFilter FTP proxy
NetBSD-SA2002-023.txt.asc sendmail smrsh bypass vulnerability
NetBSD-SA2002-022.txt.asc buffer overrun in pic(1)
NetBSD-SA2002-021.txt.asc rogue vulnerability
NetBSD-SA2002-019.txt.asc Buffer overrun in talkd
NetBSD-SA2002-018.txt.asc Multiple security isses with kfd daemon
NetBSD-SA2002-017.txt.asc shutdown(s, SHUT_RD) on TCP socket does not work as intended
NetBSD-SA2002-016.txt.asc Insufficient length check in ESP authentication data
NetBSD-SA2002-015.txt.asc (another) buffer overrun in libc/libresolv DNS resolver
NetBSD-SA2002-014.txt.asc fd_set overrun in mbone tools and pppd
NetBSD-SA2002-013.txt.asc Bug in NFS server code allows remote denial of service
NetBSD-SA2002-012.txt.asc buffer overrun in setlocale
NetBSD-SA2002-011.txt.asc Sun RPC XDR decoder contains buffer overflow
NetBSD-SA2002-010.txt.asc symlink race in pppd
NetBSD-SA2002-009.txt.asc Multiple vulnerabilities in OpenSSL code
NetBSD-SA2002-007.txt.asc Repeated TIOCSCTTY ioctl can corrupt session hold counts
NetBSD-SA2002-006.txt.asc buffer overrun in libc/libresolv DNS resolver
NetBSD-SA2002-005.txt.asc OpenSSH protocol version 2 challenge-response authentication
NetBSD-SA2002-004.txt.asc Off-by-one error in openssh session
NetBSD-SA2002-003.txt.asc IPv4 forwarding doesn't consult inbound SPD
NetBSD-SA2002-002.txt.asc gzip buffer overrun with long filename
NetBSD-SA2002-001.txt.asc Close-on-exec, SUID and ptrace(2)


NetBSD-SA2001-018.txt.asc Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon
NetBSD-SA2001-017.txt.asc sendmail(8) incorrect command line argument check leads to
NetBSD-SA2001-016.txt.asc unsafe chdir usage in fts(3)
NetBSD-SA2001-015.txt.asc Insufficient checking of lengths passed from userland to kernel
NetBSD-SA2001-014.txt.asc dump(8) exposes 'tty' group
NetBSD-SA2001-013.txt.asc OpenSSL PRNG weakness (up to 0.9.6a)
NetBSD-SA2001-012.txt.asc telnetd(8) options overflow
NetBSD-SA2001-011.txt.asc Insufficient msg_controllen checking for sendmsg(2)
NetBSD-SA2001-010.txt.asc sshd(8) "cookies" file mishandling on X11 forwarding
NetBSD-SA2001-009.txt.asc Race condition between sugid-exec and ptrace(2)
NetBSD-SA2001-008.txt.asc Processes can gain "Supervisor" privileges on sh3.
NetBSD-SA2001-007.txt.asc IP Filter may incorrectly pass packets
NetBSD-SA2001-006.txt.asc Denial of service using bogus fragmented IPv4 packets
NetBSD-SA2001-005.txt.asc Ftpd denial of service and remote buffer overflow
NetBSD-SA2001-004.txt.asc NTP remote buffer overflow
NetBSD-SA2001-003.txt.asc Secure Shell vulnerabilities and key generation.
NetBSD-SA2001-002.txt.asc Vulnerability in x86 USER_LDT validation.
NetBSD-SA2001-001.txt.asc Multiple BIND vulnerabilities


NetBSD-SA2000-018.txt.asc One-byte buffer overrun in ftpd
NetBSD-SA2000-017.txt.asc Exploitable bugs in kerberised telnetd and libkrb
NetBSD-SA2000-015.txt.asc format-string bugs in passwd/libutil
NetBSD-SA2000-014.txt.asc Global-3.55 allows world-wide executable cgi.
NetBSD-SA2000-013.txt.asc cfengine contains format string vulnerabilities
NetBSD-SA2000-012.txt.asc buffer overflow in NIS hostname lookup code
NetBSD-SA2000-011.txt.asc vulnerability in netscape versions prior to 4.74
NetBSD-SA2000-010.txt.asc wu-ftpd package vulnerability.
NetBSD-SA2000-009.txt.asc ftpd setproctitle vulnerability.
NetBSD-SA2000-008.txt.asc dhclient vulnerability
NetBSD-SA2000-007.txt.asc bad key generation in libdes if no /dev/urandom
NetBSD-SA2000-006.txt.asc /etc/ftpchroot parsing broken in NetBSD-1.4.2
NetBSD-SA2000-005.txt.asc Local "cpu-hog" denial of service
NetBSD-SA2000-004.txt.asc SysV semaphore denial-of-service
NetBSD-SA2000-003.txt.asc Exploitable Vulnerability in Xlockmore
NetBSD-SA2000-002.txt.asc IP options processing Denial of Service
NetBSD-SA2000-001.txt.asc procfs security hole


NetBSD-SA1999-012.txt.asc ptrace(2)'d processes can gain "kernel" privileges on vax.
NetBSD-SA1999-011.txt.asc profil(2) can modify setuid root programs
NetBSD-SA1999-010.txt.asc ARP table vulnerability
NetBSD-SA1999-009.txt.asc SVR4 compatibility device creation vulnerability
NetBSD-SA1999-008.txt.asc Kernel hang or panic in name lookup under certain circumstances
NetBSD-SA1999-007.txt.asc noexec mount flag is not properly handled by non-root mount
NetBSD-SA1999-006.txt.asc Security hole in umapfs
NetBSD-SA1999-005.txt.asc Security problem in lsof package fixed.
NetBSD-SA1999-004.txt.asc traceroute can create untraceable packet floods
NetBSD-SA1999-003.txt.asc Security problems in wu-ftpd package fixed
NetBSD-SA1999-002.txt.asc Security problem with netstat
NetBSD-SA1999-001.txt.asc select(2)/accept(2) race condition in TCP servers


NetBSD-SA1998-005.txt.asc Problem with mmap(2) and many drivers.
NetBSD-SA1998-004.txt.asc Problem with at(1) allows any file to be read.
NetBSD-SA1998-003.txt.asc mmap(2) of append-only files may result in corrupted data.
NetBSD-SA1998-002.txt.asc xterm and Xaw library vulnerability
NetBSD-SA1998-001.txt.asc BIND 4.9.6 vulnerabilities

Events - SVBUG Events
BABE - Bay Area BSD Events
BSD Developer (Documentation, Mirrors, Benchmarks, Online Tools)
BSD Administrator (Man, Security, Ports)

Past SVBUG Events
About BSD
History of BSD

Site Map

For questions or comments, please send mail to: © 30-Apr-2006