NetBSD sendmsg Denial of Service Vulnerability

A potential denial of service vulnerability exists in the NetBSD kernel.

The problem is the result of an input validation error in the sendmsg(2) function and is due to insufficient length checking on the 'msg_controllen' member of the 'msghdr' structure.

Because the kernel fails to check the length given with the msg_controllen member, it is possible to cause a page fault trap or 'out of space in kmem_map' kernel panic if the value is sized to a large enough value.


Privacy Statement
Copyright 2010, SecurityFocus