NetBSD IPv4 Multicast Tools Buffer Overflow Vulnerability

NetBSD IPv4 Multicast Tools Buffer Overflow Vulnerability

NetBSD has reported buffer overflow vulnerabilities in several of its IPv4 multicast tools as well as the pppd service. The mrinfo(1), mtrace(1) and the pppd(8) daemon are affected by this vulnerability.

The buffer overflow vulnerability is a result of improper boundary checking when performing FD_SET() operations. The multicast tools and the pppd service are setuid root applications. An attacker can exploit this vulnerability to obtain root privileges on vulnerable systems.