From owner-freebsd-security@FreeBSD.ORG Tue Feb 19 14:03:44 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id E00CC6FF; Tue, 19 Feb 2013 14:03:44 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id CB62FF0B; Tue, 19 Feb 2013 14:03:44 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r1JE3iWX074489; Tue, 19 Feb 2013 14:03:44 GMT (envelope-from security-advisories@freebsd.org) Received: (from bz@localhost) by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r1JE3ifJ074487; Tue, 19 Feb 2013 14:03:44 GMT (envelope-from security-advisories@freebsd.org) Date: Tue, 19 Feb 2013 14:03:44 GMT Message-Id: <201302191403.r1JE3ifJ074487@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: bz set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-13:01.bind Precedence: bulk X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Reply-To: freebsd-security@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2013 14:03:44 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:01.bind Security Advisory The FreeBSD Project Topic: BIND remote DoS with deliberately crafted DNS64 query Category: contrib Module: bind Announced: 2013-02-19 Affects: FreeBSD 9.x and later Corrected: 2013-01-08 09:05:09 UTC (stable/9, 9.1-STABLE) 2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6) 2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1) CVE Name: CVE-2012-5688 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. DNS64 is an IPv6 transition mechanism that will return a synthesized AAAA response even if there is only an A record available. II. Problem Description Due to a software defect a crafted query can cause named(8) to crash with an assertion failure. III. Impact If named(8) is configured to use DNS64, an attacker who can send it a query can cause named(8) to crash, resulting in a denial of service. IV. Workaround No workaround is available, but systems not configured to use DNS64 using the "dns64" configuration statement are not vulnerable. DNS64 is not enabled in the default configuration on FreeBSD. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart the named(8) daemon, or reboot your system. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-13:01/bind.patch # fetch http://security.FreeBSD.org/patches/SA-13:01/bind.patch.asc # gpg --verify bind.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in . Restart the named(8) daemon, or reboot your system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart the named(8) daemon, or reboot your system. 4) Alternatively, install and run BIND from the Ports Collection after the correction date. The following versions and newer versions of BIND installed from the Ports Collection are not affected by this vulnerability: bind98-9.8.4.1 bind99-9.9.2.1 VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r245163 releng/9.0/ r246989 releng/9.1/ r246989 - ------------------------------------------------------------------------- VII. References https://kb.isc.org/article/AA-00828 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-13:01.bind.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAlEjf8MACgkQFdaIBMps37JUigCeIvjGL59H2froSeFqfPvlzM7L XpAAni7nW5GZt4AE3eSDQwE4ivCne6SK =Rxq4 -----END PGP SIGNATURE----- From owner-freebsd-security@FreeBSD.ORG Tue Feb 19 14:04:05 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 2441A9E2; Tue, 19 Feb 2013 14:04:05 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 1684FF1A; Tue, 19 Feb 2013 14:04:05 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r1JE44Je074551; Tue, 19 Feb 2013 14:04:04 GMT (envelope-from security-advisories@freebsd.org) Received: (from bz@localhost) by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r1JE44Gj074549; Tue, 19 Feb 2013 14:04:04 GMT (envelope-from security-advisories@freebsd.org) Date: Tue, 19 Feb 2013 14:04:04 GMT Message-Id: <201302191404.r1JE44Gj074549@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: bz set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-13:02.libc Precedence: bulk X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Reply-To: freebsd-security@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2013 14:04:05 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:02.libc Security Advisory The FreeBSD Project Topic: glob(3) related resource exhaustion Category: core Module: libc Announced: 2013-02-19 Affects: All supported versions of FreeBSD. Corrected: 2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE) 2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12) 2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE) 2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6) 2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE) 2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6) 2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1) CVE Name: CVE-2010-2632 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The glob(3) function is a pathname generator that implements the rules for file name pattern matching used by the shell. II. Problem Description GLOB_LIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient. III. Impact An attacker that is able to exploit this vulnerability could cause excessive memory or CPU usage, resulting in a Denial of Service. A common target for a remote attacker could be ftpd(8). IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc # gpg --verify libc.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in . Restart all daemons, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart all daemons, or reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r246357 releng/7.4/ r246989 stable/8/ r246357 releng/8.3/ r246989 stable/9/ r246357 releng/9.0/ r246989 releng/9.1/ r246989 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAlEjf80ACgkQFdaIBMps37JFUgCfUrw8Ky4U19COja6fna49Calv z/YAn1JSGxzHCo8vLj4XhtXqrQt68or4 =mCPv -----END PGP SIGNATURE----- From owner-freebsd-security@FreeBSD.ORG Tue Feb 19 15:48:56 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 4AFA6501 for ; Tue, 19 Feb 2013 15:48:56 +0000 (UTC) (envelope-from pgollucci@p6m7g8.com) Received: from mail-ie0-x22a.google.com (ie-in-x022a.1e100.net [IPv6:2607:f8b0:4001:c03::22a]) by mx1.freebsd.org (Postfix) with ESMTP id 1E31DE88 for ; Tue, 19 Feb 2013 15:48:56 +0000 (UTC) Received: by mail-ie0-f170.google.com with SMTP id c11so8671149ieb.15 for ; Tue, 19 Feb 2013 07:48:55 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=Yq1lPXGtLfTHgbM6uJOqaZvUffHLpejdkvIoFKGIqRA=; b=UibdEWh1Yw2l77qE2QidWo7wiMULqeMn/cXnr+/87j/8A4fU7cijbOjWvcTS5qTeCo 7PsZbTt4xCkDVPaGlmKOs6yjDyc+A3J7PN9NoVhJcvz3D58HB9C3b/Uc7acZ/WtRynwf X9iBgDL4Zw/X7/7/RWWXfcvoxPx2DpxgmvCMUTln+dyPxzxD6zNiOplpU3XqFB9lDO7m GPlNZVGvNVW933gGv8fer4VQHHE4tuHvhnzlDv3fU9qqppD2WpQy3bxT1vtM5YK36IgP 4UA4eAF+C6rwzBJZMHisBvw4xXTbltpau74XUbupYqgmrE1NdEnxf6WXg0zNpydM7rVp C/Fg== MIME-Version: 1.0 X-Received: by 10.50.196.130 with SMTP id im2mr9142898igc.90.1361288935538; Tue, 19 Feb 2013 07:48:55 -0800 (PST) Received: by 10.50.93.106 with HTTP; Tue, 19 Feb 2013 07:48:55 -0800 (PST) X-Originating-IP: [68.101.40.130] In-Reply-To: <201302191404.r1JE44Gj074549@freefall.freebsd.org> References: <201302191404.r1JE44Gj074549@freefall.freebsd.org> Date: Tue, 19 Feb 2013 10:48:55 -0500 Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-13:02.libc From: "Philip M. Gollucci" To: freebsd-security@freebsd.org X-Gm-Message-State: ALoCoQmbcHTVcwzlRS6Z9g+ETP4TsMZz5cjOaiYt8m5T6Q7LafVTfSVNZFe7YMG4bFey9TqsizRG Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: FreeBSD Security Advisories X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2013 15:48:56 -0000 This is an internal only vuln with local user account. I see no need to rush this one. We'll pick it up at a later date. On Tue, Feb 19, 2013 at 9:04 AM, FreeBSD Security Advisories < security-advisories@freebsd.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > ============================================================================= > FreeBSD-SA-13:02.libc Security > Advisory > The FreeBSD > Project > > Topic: glob(3) related resource exhaustion > > Category: core > Module: libc > Announced: 2013-02-19 > Affects: All supported versions of FreeBSD. > Corrected: 2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE) > 2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12) > 2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE) > 2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6) > 2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE) > 2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6) > 2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1) > CVE Name: CVE-2010-2632 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > The glob(3) function is a pathname generator that implements the rules for > file name pattern matching used by the shell. > > II. Problem Description > > GLOB_LIMIT is supposed to limit the number of paths to prevent against > memory or CPU attacks. The implementation however is insufficient. > > III. Impact > > An attacker that is able to exploit this vulnerability could cause > excessive > memory or CPU usage, resulting in a Denial of Service. A common target for > a remote attacker could be ftpd(8). > > IV. Workaround > > No workaround is available. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > 2) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch > # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc > # gpg --verify libc.patch.asc > > b) Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > Recompile the operating system using buildworld and installworld as > described in . > > Restart all daemons, or reboot the system. > > 3) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > > Restart all daemons, or reboot the system. > > VI. Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > Branch/path Revision > - ------------------------------------------------------------------------- > stable/7/ r246357 > releng/7.4/ r246989 > stable/8/ r246357 > releng/8.3/ r246989 > stable/9/ r246357 > releng/9.0/ r246989 > releng/9.1/ r246989 > - ------------------------------------------------------------------------- > > VII. References > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632 > > The latest revision of this advisory is available at > http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (FreeBSD) > > iEYEARECAAYFAlEjf80ACgkQFdaIBMps37JFUgCfUrw8Ky4U19COja6fna49Calv > z/YAn1JSGxzHCo8vLj4XhtXqrQt68or4 > =mCPv > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " > -- --------------------------------------------------------------------------------------------- 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 Member, Apache Software Foundation Committer, FreeBSD Foundation Consultant, P6M7G8 Inc. Director Operations, Ridecharge Inc. Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching. From owner-freebsd-security@FreeBSD.ORG Tue Feb 19 18:54:21 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 98C3E671; Tue, 19 Feb 2013 18:54:21 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-ia0-x234.google.com (ia-in-x0234.1e100.net [IPv6:2607:f8b0:4001:c02::234]) by mx1.freebsd.org (Postfix) with ESMTP id 5A958E6E; Tue, 19 Feb 2013 18:54:21 +0000 (UTC) Received: by mail-ia0-f180.google.com with SMTP id f27so6529478iae.11 for ; Tue, 19 Feb 2013 10:54:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:sender:references:in-reply-to:mime-version :content-transfer-encoding:content-type:message-id:cc:x-mailer:from :subject:date:to; bh=katQ4M5dmXxYOQ8QTbKvywbKuTU0e/c2p2fB1YEeFSM=; b=Vgbch/3JIVU9RQ+MbyHJDGP2j7fRwxoWPU/xCcqYRyMcHBPcmo3PTuE0T4ZHm/8+HC 7uoFE/1UFdD+QzdfIALHMnq3eImFFJVyGIWa8SpEy85CL9jW94vPDenBoMDGdzKOUaXt 2IixKVPaURTKkm2ZdYc18NyV9Js5bG4G0HxzpweS/fQ2Kj1k+W9VTyWO/VCAA23qgjm7 zFPDeLgM21jSua22mSEn7PnqtXr5vG6/boJ5qYviQ2Xmz6tHQcfHNpGtBENvLZL35th0 2idVI4ig+F0SSJTsemAwSIZIO02xsFAKNGRdb27MbL9BKgh/k4fDdM0KHBdwEDMZFJ3k +2Iw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=rsa; h=x-received:sender:references:in-reply-to:mime-version :content-transfer-encoding:content-type:message-id:cc:x-mailer:from :subject:date:to; bh=katQ4M5dmXxYOQ8QTbKvywbKuTU0e/c2p2fB1YEeFSM=; b=bbMc+p9+lrDjUOEU0pAkvLUpfPQ0i0Ufqzj/Rbek/kAixZcvrmX8YJnPGa2JOxDjIV r0L3PxWevbUx91kYFDwo3iYfq6CS1VBahtNLQ23ELL/zx8Km7XyGTcBMfw5nrFlC7PTV qRAO9EZtCiD/f4K46js7873YOdLeryp37p9lc= X-Received: by 10.50.76.168 with SMTP id l8mr9643212igw.97.1361300060900; Tue, 19 Feb 2013 10:54:20 -0800 (PST) Received: from DataIX.net (24-231-147-188.dhcp.aldl.mi.charter.com. [24.231.147.188]) by mx.google.com with ESMTPS id ww6sm11576699igb.2.2013.02.19.10.54.19 (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 19 Feb 2013 10:54:20 -0800 (PST) Sender: Jason Hellenthal Received: from [192.168.31.239] (sys239.DataIX.local [192.168.31.239]) (authenticated bits=0) by DataIX.net (8.14.6/8.14.6) with ESMTP id r1JIsEID017916 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 19 Feb 2013 13:54:16 -0500 (EST) (envelope-from jhellenthal@DataIX.net) References: <201302191404.r1JE44Gj074549@freefall.freebsd.org> In-Reply-To: Mime-Version: 1.0 (iPhone Mail 8C148) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Message-Id: <73A994DF-39F2-4C19-9F3C-534B87AA1847@DataIX.net> X-Mailer: iPhone Mail (8C148) From: Jason Hellenthal Subject: Re: FreeBSD Security Advisory FreeBSD-SA-13:02.libc Date: Tue, 19 Feb 2013 13:54:03 -0500 To: "Philip M. Gollucci" Cc: FreeBSD Security Advisories , "freebsd-security@freebsd.org" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2013 18:54:21 -0000 No running daemons with listening ports effected that could trigger it? --=20 Jason Hellenthal JJH48-ARIN - (2^(N-1)) On Feb 19, 2013, at 10:48, "Philip M. Gollucci" wrote= : > This is an internal only vuln with local user account. I see no need to > rush this one. We'll pick it up at a later date. >=20 >=20 > On Tue, Feb 19, 2013 at 9:04 AM, FreeBSD Security Advisories < > security-advisories@freebsd.org> wrote: >=20 >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >>=20 >>=20 >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= >> FreeBSD-SA-13:02.libc Security >> Advisory >> The FreeBSD >> Project >>=20 >> Topic: glob(3) related resource exhaustion >>=20 >> Category: core >> Module: libc >> Announced: 2013-02-19 >> Affects: All supported versions of FreeBSD. >> Corrected: 2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE) >> 2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12) >> 2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE) >> 2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6) >> 2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE) >> 2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6) >> 2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1) >> CVE Name: CVE-2010-2632 >>=20 >> For general information regarding FreeBSD Security Advisories, >> including descriptions of the fields above, security branches, and the >> following sections, please visit . >>=20 >> I. Background >>=20 >> The glob(3) function is a pathname generator that implements the rules fo= r >> file name pattern matching used by the shell. >>=20 >> II. Problem Description >>=20 >> GLOB_LIMIT is supposed to limit the number of paths to prevent against >> memory or CPU attacks. The implementation however is insufficient. >>=20 >> III. Impact >>=20 >> An attacker that is able to exploit this vulnerability could cause >> excessive >> memory or CPU usage, resulting in a Denial of Service. A common target f= or >> a remote attacker could be ftpd(8). >>=20 >> IV. Workaround >>=20 >> No workaround is available. >>=20 >> V. Solution >>=20 >> Perform one of the following: >>=20 >> 1) Upgrade your vulnerable system to a supported FreeBSD stable or >> release / security branch (releng) dated after the correction date. >>=20 >> 2) To update your vulnerable system via a source code patch: >>=20 >> The following patches have been verified to apply to the applicable >> FreeBSD release branches. >>=20 >> a) Download the relevant patch from the location below, and verify the >> detached PGP signature using your PGP utility. >>=20 >> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch >> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc >> # gpg --verify libc.patch.asc >>=20 >> b) Execute the following commands as root: >>=20 >> # cd /usr/src >> # patch < /path/to/patch >>=20 >> Recompile the operating system using buildworld and installworld as >> described in . >>=20 >> Restart all daemons, or reboot the system. >>=20 >> 3) To update your vulnerable system via a binary patch: >>=20 >> Systems running a RELEASE version of FreeBSD on the i386 or amd64 >> platforms can be updated via the freebsd-update(8) utility: >>=20 >> # freebsd-update fetch >> # freebsd-update install >>=20 >> Restart all daemons, or reboot the system. >>=20 >> VI. Correction details >>=20 >> The following list contains the revision numbers of each file that was >> corrected in FreeBSD. >>=20 >> Branch/path Revision= >> - -----------------------------------------------------------------------= -- >> stable/7/ r246357= >> releng/7.4/ r246989= >> stable/8/ r246357= >> releng/8.3/ r246989= >> stable/9/ r246357= >> releng/9.0/ r246989= >> releng/9.1/ r246989= >> - -----------------------------------------------------------------------= -- >>=20 >> VII. References >>=20 >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2010-2632 >>=20 >> The latest revision of this advisory is available at >> http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.12 (FreeBSD) >>=20 >> iEYEARECAAYFAlEjf80ACgkQFdaIBMps37JFUgCfUrw8Ky4U19COja6fna49Calv >> z/YAn1JSGxzHCo8vLj4XhtXqrQt68or4 >> =3DmCPv >> -----END PGP SIGNATURE----- >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g >> " >>=20 >=20 >=20 >=20 > --=20 > --------------------------------------------------------------------------= ------------------- > 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C > Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 > Member, Apache Software Foundation > Committer, FreeBSD Foundation > Consultant, P6M7G8 Inc. > Director Operations, Ridecharge Inc. >=20 > Work like you don't need the money, > love like you'll never get hurt, > and dance like nobody's watching. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org= " From owner-freebsd-security@FreeBSD.ORG Tue Feb 19 18:59:23 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 8D1ACA61 for ; Tue, 19 Feb 2013 18:59:23 +0000 (UTC) (envelope-from pgollucci@p6m7g8.com) Received: from mail-ie0-x22f.google.com (mail-ie0-x22f.google.com [IPv6:2607:f8b0:4001:c03::22f]) by mx1.freebsd.org (Postfix) with ESMTP id 5AA10F09 for ; Tue, 19 Feb 2013 18:59:23 +0000 (UTC) Received: by mail-ie0-f175.google.com with SMTP id c12so8768570ieb.20 for ; Tue, 19 Feb 2013 10:59:23 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=30G3uutV8sasbsyHwy1ZDt3W7+1zVeDZx4XT6r/1SRI=; b=LT/UbuH43nzhBps3WAtpSiCT/WSs4acxNGlKaHC0WdWsgRLd55gWvlp59IqRVfmZzT FkOa3LHgvtJzwC16NyQ/L3x/i3n0RORhHX2sORj7ANNt9FB6I5CxYRmLPcGyOo0Ma3Yc TCEPSmwsl++9HNoJM5enm9+lUS+m5Vk8pnx52hLfVwM/GfWlW8o/l40O1QHL7xn3v4h9 YUsL82Z7tUlABsCnZWsEFtpD76ESmt9cqcbQSKoLUvrdlgqj8ppwLyJ+pAp9E4Ro+qm5 tymZZLMDquu4852xFoy8Ks6/qZn0OdGtZBprn/zmT6DX/B4uE4rvnx4pJd3QCljYwY27 JbfQ== MIME-Version: 1.0 X-Received: by 10.50.17.163 with SMTP id p3mr3636170igd.90.1361300362890; Tue, 19 Feb 2013 10:59:22 -0800 (PST) Received: by 10.50.93.106 with HTTP; Tue, 19 Feb 2013 10:59:22 -0800 (PST) X-Originating-IP: [68.101.40.130] In-Reply-To: <73A994DF-39F2-4C19-9F3C-534B87AA1847@DataIX.net> References: <201302191404.r1JE44Gj074549@freefall.freebsd.org> <73A994DF-39F2-4C19-9F3C-534B87AA1847@DataIX.net> Date: Tue, 19 Feb 2013 13:59:22 -0500 Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-13:02.libc From: "Philip M. Gollucci" To: Jason Hellenthal X-Gm-Message-State: ALoCoQmrTfpnygWgYa5R9+QXEQINKQejv4XrarFq1Z9qRf2USHhwiWMVuwTIZc9k2Yv5ajlWQ0CY Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: FreeBSD Security Advisories , "freebsd-security@freebsd.org" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2013 18:59:23 -0000 Shit. I sure didn't mean to send that to the world. But no, our firewall is mighty. On Tue, Feb 19, 2013 at 1:54 PM, Jason Hellenthal wrote: > No running daemons with listening ports effected that could trigger it? > > -- > Jason Hellenthal > JJH48-ARIN > - (2^(N-1)) > > > On Feb 19, 2013, at 10:48, "Philip M. Gollucci" > wrote: > > > This is an internal only vuln with local user account. I see no need to > > rush this one. We'll pick it up at a later date. > > > > > > On Tue, Feb 19, 2013 at 9:04 AM, FreeBSD Security Advisories < > > security-advisories@freebsd.org> wrote: > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> > >> > ============================================================================= > >> FreeBSD-SA-13:02.libc Security > >> Advisory > >> The FreeBSD > >> Project > >> > >> Topic: glob(3) related resource exhaustion > >> > >> Category: core > >> Module: libc > >> Announced: 2013-02-19 > >> Affects: All supported versions of FreeBSD. > >> Corrected: 2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE) > >> 2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12) > >> 2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE) > >> 2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6) > >> 2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE) > >> 2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6) > >> 2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1) > >> CVE Name: CVE-2010-2632 > >> > >> For general information regarding FreeBSD Security Advisories, > >> including descriptions of the fields above, security branches, and the > >> following sections, please visit . > >> > >> I. Background > >> > >> The glob(3) function is a pathname generator that implements the rules > for > >> file name pattern matching used by the shell. > >> > >> II. Problem Description > >> > >> GLOB_LIMIT is supposed to limit the number of paths to prevent against > >> memory or CPU attacks. The implementation however is insufficient. > >> > >> III. Impact > >> > >> An attacker that is able to exploit this vulnerability could cause > >> excessive > >> memory or CPU usage, resulting in a Denial of Service. A common target > for > >> a remote attacker could be ftpd(8). > >> > >> IV. Workaround > >> > >> No workaround is available. > >> > >> V. Solution > >> > >> Perform one of the following: > >> > >> 1) Upgrade your vulnerable system to a supported FreeBSD stable or > >> release / security branch (releng) dated after the correction date. > >> > >> 2) To update your vulnerable system via a source code patch: > >> > >> The following patches have been verified to apply to the applicable > >> FreeBSD release branches. > >> > >> a) Download the relevant patch from the location below, and verify the > >> detached PGP signature using your PGP utility. > >> > >> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch > >> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc > >> # gpg --verify libc.patch.asc > >> > >> b) Execute the following commands as root: > >> > >> # cd /usr/src > >> # patch < /path/to/patch > >> > >> Recompile the operating system using buildworld and installworld as > >> described in . > >> > >> Restart all daemons, or reboot the system. > >> > >> 3) To update your vulnerable system via a binary patch: > >> > >> Systems running a RELEASE version of FreeBSD on the i386 or amd64 > >> platforms can be updated via the freebsd-update(8) utility: > >> > >> # freebsd-update fetch > >> # freebsd-update install > >> > >> Restart all daemons, or reboot the system. > >> > >> VI. Correction details > >> > >> The following list contains the revision numbers of each file that was > >> corrected in FreeBSD. > >> > >> Branch/path > Revision > >> - > ------------------------------------------------------------------------- > >> stable/7/ > r246357 > >> releng/7.4/ > r246989 > >> stable/8/ > r246357 > >> releng/8.3/ > r246989 > >> stable/9/ > r246357 > >> releng/9.0/ > r246989 > >> releng/9.1/ > r246989 > >> - > ------------------------------------------------------------------------- > >> > >> VII. References > >> > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632 > >> > >> The latest revision of this advisory is available at > >> http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc > >> -----BEGIN PGP SIGNATURE----- > >> Version: GnuPG v1.4.12 (FreeBSD) > >> > >> iEYEARECAAYFAlEjf80ACgkQFdaIBMps37JFUgCfUrw8Ky4U19COja6fna49Calv > >> z/YAn1JSGxzHCo8vLj4XhtXqrQt68or4 > >> =mCPv > >> -----END PGP SIGNATURE----- > >> _______________________________________________ > >> freebsd-security@freebsd.org mailing list > >> http://lists.freebsd.org/mailman/listinfo/freebsd-security > >> To unsubscribe, send any mail to " > freebsd-security-unsubscribe@freebsd.org > >> " > >> > > > > > > > > -- > > > --------------------------------------------------------------------------------------------- > > 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C > > Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 > > Member, Apache Software Foundation > > Committer, FreeBSD Foundation > > Consultant, P6M7G8 Inc. > > Director Operations, Ridecharge Inc. > > > > Work like you don't need the money, > > love like you'll never get hurt, > > and dance like nobody's watching. > > _______________________________________________ > > freebsd-security@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-security > > To unsubscribe, send any mail to " > freebsd-security-unsubscribe@freebsd.org" > -- --------------------------------------------------------------------------------------------- 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 Member, Apache Software Foundation Committer, FreeBSD Foundation Consultant, P6M7G8 Inc. Director Operations, Ridecharge Inc. Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching.