NetBSD ARP vulnerabilties could allow denial of service attacks or traffic hijacking

netbsd-arp (2202)

High Risk

Description:

Two vulnerabilities in the Address Resolution Protocol (ARP) system under NetBSD could allow remote attacks on vulnerable systems. The first vulnerability allows ARP packets on one network to change the tables for another network connected to the same computer. The second vulnerability allows ARP packets to overwrite "static" entries in the table.

Platforms Affected:

• NetBSD, NetBSD 1.3
• SGI, IRIX 6.0
• SGI, IRIX 6.0.1
• SGI, IRIX 6.1
• SGI, IRIX 6.2
• SGI, IRIX 6.3
• SGI, IRIX 6.4
• SGI, IRIX 6.5
• SGI, IRIX 6.5.1
• SGI, IRIX 6.5.10
• SGI, IRIX 6.5.10f
• SGI, IRIX 6.5.10m
• SGI, IRIX 6.5.11
• SGI, IRIX 6.5.11f
• SGI, IRIX 6.5.11m
• SGI, IRIX 6.5.12
• SGI, IRIX 6.5.12f
• SGI, IRIX 6.5.12m
• SGI, IRIX 6.5.13
• SGI, IRIX 6.5.13f
• SGI, IRIX 6.5.13m
• SGI, IRIX 6.5.14
• SGI, IRIX 6.5.14f
• SGI, IRIX 6.5.14m
• SGI, IRIX 6.5.15
• SGI, IRIX 6.5.15f
• SGI, IRIX 6.5.15m
• SGI, IRIX 6.5.16
• SGI, IRIX 6.5.16f
• SGI, IRIX 6.5.16m
• SGI, IRIX 6.5.17
• SGI, IRIX 6.5.17f
• SGI, IRIX 6.5.17m
• SGI, IRIX 6.5.18
• SGI, IRIX 6.5.18f
• SGI, IRIX 6.5.18m
• SGI, IRIX 6.5.19
• SGI, IRIX 6.5.19f
• SGI, IRIX 6.5.19m
• SGI, IRIX 6.5.2
• SGI, IRIX 6.5.20
• SGI, IRIX 6.5.20f
• SGI, IRIX 6.5.20m
• SGI, IRIX 6.5.21
• SGI, IRIX 6.5.21f
• SGI, IRIX 6.5.21m
• SGI, IRIX 6.5.22
• SGI, IRIX 6.5.22m
• SGI, IRIX 6.5.23
• SGI, IRIX 6.5.23m
• SGI, IRIX 6.5.24
• SGI, IRIX 6.5.24m
• SGI, IRIX 6.5.25
• SGI, IRIX 6.5.2f
• SGI, IRIX 6.5.2m
• SGI, IRIX 6.5.3
• SGI, IRIX 6.5.3f
• SGI, IRIX 6.5.3m
• SGI, IRIX 6.5.4
• SGI, IRIX 6.5.4f
• SGI, IRIX 6.5.4m
• SGI, IRIX 6.5.5
• SGI, IRIX 6.5.5f
• SGI, IRIX 6.5.5m
• SGI, IRIX 6.5.6
• SGI, IRIX 6.5.6f
• SGI, IRIX 6.5.6m
• SGI, IRIX 6.5.7
• SGI, IRIX 6.5.7f
• SGI, IRIX 6.5.7m
• SGI, IRIX 6.5.8
• SGI, IRIX 6.5.8f
• SGI, IRIX 6.5.8m
• SGI, IRIX 6.5.9
• SGI, IRIX 6.5.9f
• SGI, IRIX 6.5.9m

Remedy:

For NetBSD 1.3.3:
Apply the 19990505-arp patch, as listed in NetBSD Security Advisory 1999-010. See References.

Note: This vulnerability was fixed in NetBSD 1.4 or later.

For SGI IRIX 6.5.25 and earlier:
Apply the appropriate patch for your system, as listed in SGI Security Advisory 20040905-01-P. See References.

Consequences:

Bypass Security

References:

• NetBSD Security Advisory 1999-010, ARP table vulnerability at http://online.securityfocus.com/advisories/1541. (From SecurityFocus archive.)
• SGI Security Advisory 20040905-01-P, bsd.a kernel networking vulnerabilities at ftp://patches.sgi.com/support/free/security/advisories/20040905-01-P.asc.
• BID-11278: SGI IRIX Undisclosed ARP Handling Vulnerability
• BID-264: NetBSD ARP Cross Network Vulnerability
• BID-265: NetBSD Static ARP Vulnerability
• CVE-1999-0763: NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.
• CVE-1999-0764: NetBSD allows ARP packets to overwrite static ARP entries.
• OSVDB ID: 6539: NetBSD Static ARP Entry Arbitrary Overwrite
• OSVDB ID: 6540: NetBSD Multi-homed Host Arbitrary ARP Packet Modification

Reported:

May 21, 1999

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page