NetBSD clcs emuxki denial of service
| netbsd-clcs-emuxki-dos (21526) |  Medium Risk |
Description:
NetBSD could allow a local attacker to cause a denial of service by changing the block size on the audio device using the ioctl and changing the pause state to unpaused to cause a divide-by-zero error resulting in the kernel crashing.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of NetBSD (NetBSD-current dated June 12, 2005 or later), as listed in NetBSD NetBSD Security Advisory 2005-002. See References.
References:
- NetBSD Security Advisory 2005-002: Local DoS via audio device with specific drivers.
- BID-14122: NetBSD CLCS / EMUXKI Audio Driver Local Denial of Service Vulnerability
- CVE-2005-2134: The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to unpaused in the same ioctl, which causes a divide-by-zero error.
Platforms Affected:
- NetBSD NetBSD 1.6
- NetBSD NetBSD 1.6.1
- NetBSD NetBSD 1.6.2
- NetBSD NetBSD 2.0
- NetBSD NetBSD 2.0.1
- NetBSD NetBSD 2.0.2
Reported:
Jun 13, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net