PT-2003-1226 · NetBSD · NetBSD

Published

2003-04-02

Updated

2008-09-05

CVE-2002-1490

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

NetBSD versions 1.4 through 1.6 beta

Description

The issue allows local users to cause a denial of service, resulting in a kernel panic. This is achieved through a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter. The counter is set to zero, leading to the freeing of memory that is still in use by other processes.

Recommendations

For NetBSD versions 1.4 through 1.6 beta, as a temporary workaround, consider restricting access to the TIOCSCTTY ioctl until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
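The bug class in the description (a reference counter that wraps to zero, so the object is freed while still referenced) modelled in user space beside an overflow-checked acquire. This is an added example, not NetBSD code: the struct, the function names and the 16-bit counter width are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical shared object; the 16-bit counter width is an assumption. */
struct shared_obj {
    unsigned short refs;   /* reference counter that can wrap */
    int freed;             /* set when the object would be released */
};

/* Unchecked acquire: the increment silently wraps from USHRT_MAX to 0. */
static int hold_unchecked(struct shared_obj *o) { o->refs++; return 0; }

/* Checked acquire: refuse the new reference instead of wrapping. */
static int hold_checked(struct shared_obj *o) {
    if (o->refs == USHRT_MAX)
        return -1;         /* caller fails the request with an error */
    o->refs++;
    return 0;
}

/* Release: the object is freed when the counter reaches zero. */
static void rele(struct shared_obj *o) {
    if (--o->refs == 0)
        o->freed = 1;
}

/* Start with one legitimate holder, take `extra` more references, then do
 * one further hold/release pair. Returns 1 if the object was freed even
 * though the earlier references were never released. */
static int freed_while_in_use(unsigned long extra, int checked) {
    struct shared_obj o = { 1, 0 };
    int (*hold)(struct shared_obj *) = checked ? hold_checked : hold_unchecked;

    for (unsigned long i = 0; i < extra; i++)
        if (hold(&o) != 0)
            break;         /* checked variant stops at the ceiling */
    if (hold(&o) == 0)
        rele(&o);
    return o.freed;
}

int main(void) {
    printf("unchecked: freed=%d\n", freed_while_in_use(USHRT_MAX, 0));
    printf("checked:   freed=%d\n", freed_while_in_use(USHRT_MAX, 1));
    return 0;
}
```

Widening the counter only raises the number of calls needed; rejecting the acquire at the ceiling is what removes the wrap.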
Related Identifiers

CVE-2002-1490

Affected Products

NetBSD