The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.
NetBSD if_bridge(4) Function Arbitrary Kernel Memory Disclosure
Local Access Required
Loss of Confidentiality
NetBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when 'ioctl' calls are made on Ethernet bridge interfaces. The kernel does not fully zero out the temporary stack memory that holds the results of the 'ioctl' call, which could disclose kernel stack memory to the calling process, resulting in a loss of confidentiality.
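The pattern described above, shown as an added userspace example that is not NetBSD's code and not part of the original entry: a handler fills a result record in reused stack memory and copies the whole record out, once without clearing it and once after zeroing it. The struct br_result layout, the function names, the fake_copyout stand-in for copyout(9) and the 0xA5 stale-data marker are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker standing in for leftover kernel stack data */

/* Hypothetical result record; NOT the real if_bridge(4) structure. */
struct br_result {
    char          ifname[16]; /* a short name leaves the tail of the array unwritten */
    unsigned char flags;      /* the compiler usually inserts padding after this */
    unsigned int  cost;
};

/* Userspace stand-in for copyout(9): the whole record crosses the boundary. */
static void fake_copyout(const void *kaddr, void *uaddr, size_t len)
{
    memcpy(uaddr, kaddr, len);
}

/* Field-by-field fill, the way an ioctl handler typically builds its reply. */
static void fill_result(struct br_result *r)
{
    strcpy(r->ifname, "ex0");
    r->flags = 1;
    r->cost = 55;
}

/* Returns how many stale bytes reach the caller's buffer. */
size_t leaked_bytes(int clear_first)
{
    struct br_result kbuf;               /* simulated reused stack slot */
    unsigned char user[sizeof kbuf];
    size_t i, n = 0;
    memset(&kbuf, STALE, sizeof kbuf);   /* what an earlier call left behind */
    if (clear_first)
        memset(&kbuf, 0, sizeof kbuf);   /* hardened: zero before filling */
    fill_result(&kbuf);
    fake_copyout(&kbuf, user, sizeof kbuf);
    for (i = 0; i < sizeof user; i++)
        n += (user[i] == STALE);         /* count marker bytes that got out */
    return n;
}

int main(void)
{
    printf("without clearing: %zu stale bytes copied out\n", leaked_bytes(0));
    printf("with memset:      %zu stale bytes copied out\n", leaked_bytes(1));
    return 0;
}
```

The bytes that escape in the uncleared case are the unwritten tail of ifname and any padding the compiler places after flags, which is why assigning every named field is not sufficient on its own.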
The vendor has released upgrades for branches of NetBSD from 2.0 to 'current'. Upgrade to the version as of February 12, 2006 for branches 2.0 through 3.0. For the 'current' branch, upgrade to the version as of January 17, 2006. These updates have been reported to fix this vulnerability. Note that the flaw was fixed without a change in version number. An upgrade is required as there are no known workarounds.