CVE-2010-2530

Name of the Vulnerable Software and Affected Versions NetBSD versions prior to 5.0.3 FreeBSD (affected versions not specified) Apple Mac OS X (affected versions not specified)

Description The issue is related to multiple integer signedness errors in the netsmb module in the kernel. These errors can be exploited by local users to cause a denial of service, resulting in a system panic. This can be achieved by passing a negative size value in a /dev/nsmb ioctl operation, for example, through an SMBIOC LOOKUP or SMBIOC OPENSESSION ioctl call.

Recommendations For NetBSD versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. For FreeBSD, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Apple Mac OS X, at the moment, there is no information about a newer version that contains a fix for this vulnerability.