CVE-2017-1000372

Name of the Vulnerable Software and Affected Versions OpenBSD versions 6.1 and earlier NetBSD (affected versions not specified)

Description The issue is related to a flaw in the implementation of the stack guard page, which can be bypassed, allowing for arbitrary code execution. This can be achieved by using specially crafted setuid binaries, such as /usr/bin/at. The estimated number of potentially affected devices is not provided, and there is no information about real-world incidents where this issue was exploited.

Recommendations For OpenBSD versions 6.1 and earlier, update to a version that includes a fix for this issue. For NetBSD, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to setuid binaries, such as at, to minimize the risk of exploitation.