asg
push it, don't hype
Security Advisory
What, when, ...
03.10.2003
All FreeBSD releases
Corrected in:
2003-10-03 12:03:50 UTC (RELENG_4, 4.9-RC)
2003-10-03 13:02:17 UTC (RELENG_5_1, 5.1-RELEASE-p9)
2003-10-03 16:57:38 UTC (RELENG_5_0, 5.0-RELEASE-p17)
2003-10-03 13:03:44 UTC (RELENG_4_8, 4.8-RELEASE-p12)
2003-10-03 13:04:19 UTC (RELENG_4_7, 4.7-RELEASE-p22)
2003-10-03 13:05:05 UTC (RELENG_4_6, 4.6-RELEASE-p25)
2003-10-03 13:05:44 UTC (RELENG_4_5, 4.5-RELEASE-p36)
2003-10-03 13:06:32 UTC (RELENG_4_4, 4.4-RELEASE-p46)
2003-10-03 13:07:37 UTC (RELENG_4_3, 4.3-RELEASE-p42)
Problem
A user could supply a negative and extremely large offset when reading from a procfs "file"; this can crash the system. Kernel memory can also be read out, which may expose user passwords still sitting in a terminal buffer.
Workaround
Unmount the procfs and linprocfs filesystems:
Code:
umount -a -t procfs,linprocfs
Do not forget to remove any procfs/linprocfs entries from fstab as well, or they will be remounted at the next boot.
Solution
1) Upgrade the system to 4-STABLE, or to RELENG_5_1, RELENG_4_8 or RELENG_4_7 (the latter three are the security branches), to a version dated after the correction date.
2) Patch the system:
Download from:
[FreeBSD 4.3]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch.asc
[FreeBSD 4.4 and later 4.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch.asc
[FreeBSD 5.0]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs50.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs50.patch.asc
[FreeBSD 5.1]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs51.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs51.patch.asc
Install the patch:
Code:
# cd /usr/src
# patch < /path/to/patch
Then recompile the kernel.
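The download-and-patch procedure above, scripted with the two checks a practitioner would add before touching the source tree: verification of the detached .asc signature and a dry run of the patch. This is an added example, not part of the advisory or of FreeBSD; the URL and patch file names come from the advisory, while the `select_patch`/`apply_patch` names, a gpg keyring that already holds the FreeBSD Security Officer key, and a source tree in /usr/src are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory or FreeBSD): choose the SA-03:17 patch
# for a release string, then fetch, verify and apply it.
# Assumptions: gpg has the FreeBSD Security Officer key imported, and the
# source tree to patch lives in /usr/src.
set -eu

BASE_URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17"

# Map a release string such as "4.8-RELEASE-p11" to the patch file the
# advisory names for it. Prints nothing and returns 1 if uncovered.
select_patch() {
    case "$1" in
        4.3-*)     echo procfs43.patch ;;   # [FreeBSD 4.3]
        4.[4-9]-*) echo procfs4x.patch ;;   # [FreeBSD 4.4 and later 4.x]
        5.0-*)     echo procfs50.patch ;;   # [FreeBSD 5.0]
        5.1-*)     echo procfs51.patch ;;   # [FreeBSD 5.1]
        *)         return 1 ;;
    esac
}

# Fetch the patch and its detached signature, verify, dry-run, then apply.
apply_patch() {
    patch_name=$(select_patch "$1") || {
        echo "no SA-03:17 patch for release $1" >&2; return 1; }
    workdir=$(mktemp -d)
    fetch -o "$workdir/$patch_name"     "$BASE_URL/$patch_name"
    fetch -o "$workdir/$patch_name.asc" "$BASE_URL/$patch_name.asc"
    # Refuse to apply a patch whose signature does not verify (set -e aborts).
    gpg --verify "$workdir/$patch_name.asc" "$workdir/$patch_name"
    cd /usr/src
    # A rejected hunk in the dry run means the tree is not what the patch
    # expects (already patched, wrong branch): stop before modifying files.
    # GNU patch, as shipped with FreeBSD in 2003, understands --dry-run.
    patch --dry-run < "$workdir/$patch_name"
    patch < "$workdir/$patch_name"
    echo "patch applied; now recompile and reinstall the kernel"
}

# Only touch the system when explicitly asked; sourcing the file is harmless.
if [ "${1:-}" = "--apply" ]; then
    apply_patch "$(uname -r)"
fi
```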
Details of the corrections
Branch / Path                                              Revision
-------------------------------------------------------------------------
RELENG_4
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.9
src/sys/kern/kern_subr.c 1.31.2.3
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.4
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.4
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.4
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.2.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.5
src/sys/sys/uio.h 1.11.2.2
RELENG_5_1
src/UPDATING 1.251.2.11
src/sys/conf/newvers.sh 1.50.2.11
src/sys/fs/procfs/procfs_dbregs.c 1.22.2.1
src/sys/fs/procfs/procfs_fpregs.c 1.28.2.1
src/sys/fs/procfs/procfs_regs.c 1.27.2.1
src/sys/fs/pseudofs/pseudofs_vnops.c 1.35.2.1
src/sys/kern/kern_subr.c 1.74.2.1
src/sys/sys/uio.h 1.27.2.1
RELENG_5_0
src/UPDATING 1.229.2.23
src/sys/conf/newvers.sh 1.48.2.18
src/sys/fs/procfs/procfs_dbregs.c 1.21.2.1
src/sys/fs/procfs/procfs_fpregs.c 1.27.2.1
src/sys/fs/procfs/procfs_regs.c 1.26.2.1
src/sys/fs/pseudofs/pseudofs_vnops.c 1.32.2.1
src/sys/kern/kern_subr.c 1.63.2.2
src/sys/sys/uio.h 1.23.2.1
RELENG_4_8
src/UPDATING 1.73.2.80.2.14
src/sys/conf/newvers.sh 1.44.2.29.2.13
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.10.1
src/sys/kern/kern_subr.c 1.31.2.2.6.1
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.3.8.1
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.3.8.1
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.3.8.1
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.14.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.8.1
src/sys/sys/uio.h 1.11.2.1.8.1
RELENG_4_7
src/UPDATING 1.73.2.74.2.25
src/sys/conf/newvers.sh 1.44.2.26.2.24
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.8.1
src/sys/kern/kern_subr.c 1.31.2.2.4.1
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.3.6.1
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.3.6.1
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.3.6.1
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.12.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.6.1
src/sys/sys/uio.h 1.11.2.1.6.1
RELENG_4_6
src/UPDATING 1.73.2.68.2.54
src/sys/conf/newvers.sh 1.44.2.23.2.42
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.6.1
src/sys/kern/kern_subr.c 1.31.2.2.2.1
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.3.4.1
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.3.4.1
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.3.4.1
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.10.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.4.1
src/sys/sys/uio.h 1.11.2.1.4.1
RELENG_4_5
src/UPDATING 1.73.2.50.2.53
src/sys/conf/newvers.sh 1.44.2.20.2.37
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.4.1
src/sys/kern/kern_subr.c 1.31.2.1.2.1
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.3.2.1
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.3.2.1
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.3.2.1
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.8.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.2.1
src/sys/sys/uio.h 1.11.2.1.2.1
RELENG_4_4
src/UPDATING 1.73.2.43.2.54
src/sys/conf/newvers.sh 1.44.2.17.2.45
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.2.1
src/sys/kern/kern_subr.c 1.31.6.1
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.2.2.2
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.2.2.2
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.2.2.2
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.6.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.3.4.2
src/sys/sys/uio.h 1.11.6.1
RELENG_4_3
src/UPDATING 1.73.2.28.2.41
src/sys/conf/newvers.sh 1.44.2.14.2.31
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.5.2.1
src/sys/kern/kern_subr.c 1.31.4.1
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.1.2.2
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.1.2.2
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.1.2.2
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.4.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.3.2.2
src/sys/sys/uio.h 1.11.4.1
-------------------------------------------------------------------------