From owner-freebsd-security-notifications Thu Mar 22 13:12:38 2001 Delivered-To: freebsd-security-notifications@freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id BD32F37B71B; Thu, 22 Mar 2001 13:12:32 -0800 (PST) (envelope-from security-advisories@FreeBSD.org) Received: (from kris@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f2MLCWm14901; Thu, 22 Mar 2001 13:12:32 -0800 (PST) (envelope-from security-advisories@FreeBSD.org) Date: Thu, 22 Mar 2001 13:12:32 -0800 (PST) Message-Id: <200103222112.f2MLCWm14901@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: kris set sender to security-advisories@FreeBSD.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-01:30.ufs-ext2fs Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk Reply-To: postmaster@freebsd.org X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:30 Security Advisory FreeBSD, Inc. Topic: UFS/EXT2FS allows disclosure of deleted data Category: kernel Module: ufs/ext2fs Announced: 2001-03-22 Credits: Sven Berkvens , Marc Olzheim Affects: All released versions of FreeBSD 3.x, 4.x. FreeBSD 3.5-STABLE prior to the correction date. FreeBSD 4.2-STABLE prior to the correction date. Corrected: 2000-12-22 (FreeBSD 3.5-STABLE) 2000-12-22 (FreeBSD 4.2-STABLE) FreeBSD only: NO I. Background UFS is the Unix File System, used by default on FreeBSD systems and many other UNIX variants. EXT2FS is a filesystem used by default on many Linux systems, which is also available on FreeBSD. II. Problem Description There exists a data consistency race condition which allows users to obtain access to areas of the filesystem containing data from deleted files. The filesystem code is supposed to ensure that all filesystem blocks are zeroed before becoming available to user processes, but in a certain specific case this zeroing does not occur, and unzeroed blocks are passed to the user with their previous contents intact. Thus, if the block contains data which used to be part of a file or directory to which the user did not have access, the operation results in unauthorized access of data. All versions of FreeBSD 3.x and 4.x prior to the correction date including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this problem. This problem is not specific to FreeBSD systems and is believed to exist on many filesystems. This problem was corrected prior to the forthcoming release of FreeBSD 4.3. III. Impact Unprivileged users may obtain access to data which was part of deleted files. IV. Workaround None appropriate. V. Solution Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE after the respective correction dates. To patch your present system: download the relevant patch from the below location, and execute the following commands as root: # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch.asc Verify the detached PGP signature using your PGP utility. This patch has been verified to apply against FreeBSD 3.5.1-RELEASE, FreeBSD 4.1.1-RELEASE and FreeBSD 4.2-RELEASE. It may or may not apply to older, unsupported releases. # cd /usr/src # patch -p < /path/to/patch Rebuild and reinstall your kernel as described in the FreeBSD handbook at the following URL: http://www.freebsd.org/handbook/kernelconfig.html and reboot for the changes to take effect. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOrpp2lUuHi5z0oilAQEXFwQAjIKJPtcwJOW2nyLkkIl9Ma59xpuOWEHL gZr7KQ6xi2KVH8D6Jztt8gaF+Qb3HRyq8BQUzqL20f+O8yfr8IyX0w5OWu1VkEYu ctKKwhMRtd+Cc4L9Y56Ck3DhK5CgDwCVUlThNShR8/omKFd+pWulYcaIdKwTzZIe aCnSgvTvAHU= =Jn5m -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message