CVE-2002-1500

Name of the Vulnerable Software and Affected Versions NetBSD versions 1.4.x through 1.6

Description A buffer overflow issue exists in certain programs, including mrinfo, mtrace, and pppd, allowing local users to gain privileges. This occurs when the file descriptor tables are filled, resulting in file descriptors larger than FD SETSIZE, which are not properly checked by the FD SET() function.

Recommendations For NetBSD versions 1.4.x through 1.6, consider restricting access to the mrinfo, mtrace, and pppd programs until a fix is available. As a temporary workaround, avoid executing these programs with elevated privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.