COMMAND

    kernel

SYSTEMS AFFECTED

    NetBSD-current from 19980603 to 19990208

PROBLEM

    The following is based on a NetBSD Security Advisory.  In the
    version of netstat between the two dates above, a security hole
    exists which will allow non-root users to examine any kernel memory
    location.  The code which was added to allow printing of kernel
    protocol control blocks does not have strict checks to make certain
    the memory being displayed is a protocol control block.  Also, since
    the block contains information like TCP sequence numbers, users
    should generally not be allowed to examine these blocks.  Thanks go
    to Michael Graff and Charles Hannum for the discovery and resolution
    of this bug.
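
    The two checks the advisory says were missing, as an added example
    (not the netstat source or the NetBSD patch).  Kernel memory is a
    constructed byte array, and struct pcb, the layout and all function
    names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for kernel memory; offsets play the role of addresses. */
struct pcb { uint32_t next; uint32_t snd_nxt; };  /* hypothetical, simplified PCB */
#define KMEM_SIZE 64
static uint8_t kmem[KMEM_SIZE];
enum { PCB_A = 8, PCB_B = 24, SECRET = 40 };      /* constructed layout */

static void kmem_init(void) {
    struct pcb a = { PCB_B, 1000 }, b = { 0, 2000 };
    memset(kmem, 0, sizeof kmem);
    memcpy(kmem + PCB_A, &a, sizeof a);
    memcpy(kmem + PCB_B, &b, sizeof b);
    memcpy(kmem + SECRET, "hunter2", 8);          /* unrelated kernel data */
}

/* Flawed pattern: copies whatever lives at a caller-supplied address. */
static int dump_unchecked(uint32_t addr, struct pcb *out) {
    if (addr > KMEM_SIZE - sizeof *out) return -1;
    memcpy(out, kmem + addr, sizeof *out);
    return 0;
}

/* Checked pattern: root only, and addr must be a node on the PCB list. */
static int dump_checked(unsigned uid, uint32_t head, uint32_t addr, struct pcb *out) {
    struct pcb cur;
    uint32_t p;
    int hops = 0;
    if (uid != 0) return -1;              /* PCBs expose TCP sequence numbers */
    for (p = head; p != 0 && hops < KMEM_SIZE; hops++) {
        if (dump_unchecked(p, &cur) != 0) return -1;
        if (p == addr) { *out = cur; return 0; }
        p = cur.next;                     /* follow the list, bounded by hops */
    }
    return -1;                            /* not a PCB: refuse to display */
}

int main(void) {
    struct pcb out;
    kmem_init();
    printf("unchecked, non-PCB address: %d\n", dump_unchecked(SECRET, &out));
    printf("checked, non-PCB address:   %d\n", dump_checked(0, PCB_A, SECRET, &out));
    return 0;
}
```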

SOLUTION

    NetBSD-current users should update to a source tree newer than
    19990208, or apply this patch and rebuild netstat:

        ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/19990208-netstat

    If this action cannot be taken easily, netstat can be disabled for
    non-root users:

        chmod 555 /usr/bin/netstat