Security Advisory: FreeBSD procfs Fehler

asg

asg

push it, don´t hype
Security Advisory

Was, Wann, ...
03.10.2003
Alle FreeBSD Releases
Korrigiert wurden:
2003-10-03 12:03:50 UTC (RELENG_4, 4.9-RC)
2003-10-03 13:02:17 UTC (RELENG_5_1, 5.1-RELEASE-p9)
2003-10-03 16:57:38 UTC (RELENG_5_0, 5.0-RELEASE-p17)
2003-10-03 13:03:44 UTC (RELENG_4_8, 4.8-RELEASE-p12)
2003-10-03 13:04:19 UTC (RELENG_4_7, 4.7-RELEASE-p22)
2003-10-03 13:05:05 UTC (RELENG_4_6, 4.6-RELEASE-p25)
2003-10-03 13:05:44 UTC (RELENG_4_5, 4.5-RELEASE-p36)
2003-10-03 13:06:32 UTC (RELENG_4_4, 4.4-RELEASE-p46)
2003-10-03 13:07:37 UTC (RELENG_4_3, 4.3-RELEASE-p42)

Problem
Ein Benutzer könnte ein negatives und extrem grossesn offset nutzen wenn dieser von einem procfs "file" liest, das wiederum kann das System zu Absturz bringen. Auch kann der Kernel ausgelesen werden und es kann an Benutzer Passwörter gelangt werden die im terminal buffer liegen.

Workaround
Unmounten von procfs und linprocfs Dateisystemen:
Code: 
umount -a -t procfs,linprocfs
Nicht zu vergessen evtl. Einträge in der fstab zu löschen.

Lösung

1) Upgrade des Systems auf 4-STABLE oder RELENG_5_1, RELENG_4_8, oder RELENG_4_7 (die letzten drei sind die security branches) nach dem Korrekturtag.

2) Das System patchen:
Download von
[FreeBSD 4.3]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch.asc

[FreeBSD 4.4 and later 4.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch.asc

[FreeBSD 5.0]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs50.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs50.patch.asc

[FreeBSD 5.1]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs51.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs51.patch.asc

Den patch installieren:
Code: 
# cd /usr/src
# patch < /path/to/patch
Danach den Kernel neu kompilieren.

Details für die Korrekturen

Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_4
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.9
src/sys/kern/kern_subr.c 1.31.2.3
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.4
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.4
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.4
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.2.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.5
src/sys/sys/uio.h 1.11.2.2
RELENG_5_1
src/UPDATING 1.251.2.11
src/sys/conf/newvers.sh 1.50.2.11
src/sys/fs/procfs/procfs_dbregs.c 1.22.2.1
src/sys/fs/procfs/procfs_fpregs.c 1.28.2.1
src/sys/fs/procfs/procfs_regs.c 1.27.2.1
src/sys/fs/pseudofs/pseudofs_vnops.c 1.35.2.1
src/sys/kern/kern_subr.c 1.74.2.1
src/sys/sys/uio.h 1.27.2.1
RELENG_5_0
src/UPDATING 1.229.2.23
src/sys/conf/newvers.sh 1.48.2.18
src/sys/fs/procfs/procfs_dbregs.c 1.21.2.1
src/sys/fs/procfs/procfs_fpregs.c 1.27.2.1
src/sys/fs/procfs/procfs_regs.c 1.26.2.1
src/sys/fs/pseudofs/pseudofs_vnops.c 1.32.2.1
src/sys/kern/kern_subr.c 1.63.2.2
src/sys/sys/uio.h 1.23.2.1
RELENG_4_8
src/UPDATING 1.73.2.80.2.14
src/sys/conf/newvers.sh 1.44.2.29.2.13
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.10.1
src/sys/kern/kern_subr.c 1.31.2.2.6.1
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.3.8.1
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.3.8.1
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.3.8.1
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.14.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.8.1
src/sys/sys/uio.h 1.11.2.1.8.1
RELENG_4_7
src/UPDATING 1.73.2.74.2.25
src/sys/conf/newvers.sh 1.44.2.26.2.24
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.8.1
src/sys/kern/kern_subr.c 1.31.2.2.4.1
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.3.6.1
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.3.6.1
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.3.6.1
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.12.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.6.1
src/sys/sys/uio.h 1.11.2.1.6.1
RELENG_4_6
src/UPDATING 1.73.2.68.2.54
src/sys/conf/newvers.sh 1.44.2.23.2.42
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.6.1
src/sys/kern/kern_subr.c 1.31.2.2.2.1
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.3.4.1
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.3.4.1
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.3.4.1
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.10.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.4.1
src/sys/sys/uio.h 1.11.2.1.4.1
RELENG_4_5
src/UPDATING 1.73.2.50.2.53
src/sys/conf/newvers.sh 1.44.2.20.2.37
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.4.1
src/sys/kern/kern_subr.c 1.31.2.1.2.1
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.3.2.1
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.3.2.1
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.3.2.1
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.8.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.2.1
src/sys/sys/uio.h 1.11.2.1.2.1
RELENG_4_4
src/UPDATING 1.73.2.43.2.54
src/sys/conf/newvers.sh 1.44.2.17.2.45
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.2.1
src/sys/kern/kern_subr.c 1.31.6.1
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.2.2.2
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.2.2.2
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.2.2.2
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.6.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.3.4.2
src/sys/sys/uio.h 1.11.6.1
RELENG_4_3
src/UPDATING 1.73.2.28.2.41
src/sys/conf/newvers.sh 1.44.2.14.2.31
src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.5.2.1
src/sys/kern/kern_subr.c 1.31.4.1
src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.1.2.2
src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.1.2.2
src/sys/miscfs/procfs/procfs_regs.c 1.10.2.1.2.2
src/sys/miscfs/procfs/procfs_rlimit.c 1.5.4.1
src/sys/miscfs/procfs/procfs_status.c 1.20.2.3.2.2
src/sys/sys/uio.h 1.11.4.1
- -------------------------------------------------------------------------
 
Du musst dich einloggen oder registrieren, um hier zu antworten.
Zurück
Oben