CVE-2006-1588

Name of the Vulnerable Software and Affected Versions: NetBSD versions 1.6 through 3.0

Description: The issue concerns the bridge ioctl in the if bridge code, which fails to clear sensitive memory before copying ioctl results to the requesting process. This allows local users to obtain portions of kernel memory.

Recommendations: For NetBSD versions 1.6 through 3.0, consider applying a patch or configuration change to clear sensitive memory before copying ioctl results to the requesting process, as a temporary workaround, restrict access to the if bridge code to minimize the risk of exploitation.