CVE-2009-2483

Name of the Vulnerable Software and Affected Versions NetBSD versions 4.0 through 4.0.1

Description The issue allows local users to cause a denial of service, resulting in a NULL pointer dereference and kernel panic. This can be achieved by using a malformed externalized plist in XML form that contains an undefined element.

Recommendations For NetBSD versions 4.0 through 4.0.1, consider restricting the use of externalized plists in XML form until a patch is available. As a temporary workaround, avoid using undefined elements in externalized plists to minimize the risk of exploitation.