From: Damien Fleuriot
Date: Wed, 5 Jul 2017 12:28:05 +0200
Subject: Re: CVE-2017-1000364 FreeBSD exposure ?
To: Matthew Seaman, fernando.apesteguia@gmail.com
Cc: freebsd-questions@freebsd.org
In-Reply-To: <7860b23a-66ce-1bc6-b5f6-9264057bdf23@FreeBSD.org>

Thanks Fernando for the link, and Matthew for the clarification :)

On 5 July 2017 at 12:22, Matthew Seaman wrote:
> On 2017/07/05 10:55, Damien Fleuriot wrote:
>> I'm curious about the lack of announcement on the site in the
>> vulnerabilities section [1], about CVE-2017-1000364 [2] [3].
>>
>> Does anyone know to what extent FreeBSD is affected?
>>
>> I'm trying to assess how critical it is that I patch our FreeBSD
>> 10-STABLE boxes at work.
>>
>> Hope a kind soul can spare 5 minutes of their precious time to shed
>> some light for me ;)
>
> The Security Team and a number of Kernel developers have examined the
> stack-clash exploit and how it would apply to FreeBSD, and have
> concluded that on FreeBSD it does not pose a vulnerability that would
> merit a security advisory. While it is possible to write an application
> to generate a stack-clash relatively simply, according to Qualys' work,
> in order to be exploitable this requires a particular type of
> vulnerability in a setuid or setgid application where a stack-clash can
> be generated. As far as they could determine, no such combination could
> be found.
>
> Stack-clash is definitely a bug, and there is on-going work to tighten
> up the way stack and heap collisions are handled which has recently been
> committed to CURRENT and will be MFC'd to STABLE branches in the usual
> way. There may well be an Errata Notification on the currently
> supported -RELEASE branches in order to address the widespread public
> concerns. However, to the best of SecTeam's knowledge this is not a
> critical problem on FreeBSD.
>
> Of course, this does not preclude an exploit using some ported software
> -- if anyone is aware of any such exploit, please let SecTeam know as
> soon as possible.
>
> Cheers,
>
> Matthew
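Matthew's two points, that an application can generate a stack-clash "relatively simply" and that the kernel-side fix is about how stack and heap collisions are handled, come down to one access pattern. The C below is an added example illustrating it; it is not code from this thread, from Qualys, or from FreeBSD. It assumes the guard region size is passed in as a parameter (the real value is a kernel tunable that differs between systems and releases), uses frames small enough to stay inside the normal stack limit so nothing actually faults, and names GCC/Clang's `-fstack-clash-protection` only as the compiler feature whose behaviour `probed_frame()` imitates by hand.

```c
/*
 * Added example (not from the thread or from FreeBSD): the stack-clash
 * access pattern and the probing that defeats it.
 *
 *  - unprobed_frame(): a large stack frame whose only write is to its
 *    lowest address. Every page in between stays untouched, so if the
 *    frame is larger than the guard region below the stack, the write
 *    lands past the guard in whatever mapping sits there (the "clash")
 *    instead of faulting on the guard.
 *  - probed_frame(): the same frame, but every page is touched in order
 *    from the top down before use, which is what compiler stack probing
 *    (e.g. -fstack-clash-protection) emits. The guard page is then always
 *    hit before any memory beyond it can be written.
 *
 * Assumption: guard size is a parameter, not read from the kernel.
 */
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

static size_t page_size(void)
{
    long ps = sysconf(_SC_PAGESIZE);
    return ps > 0 ? (size_t)ps : 4096;   /* assumed fallback if unknown */
}

/* Allocate len bytes on the stack and write only its lowest byte (the end
 * furthest in the direction of stack growth). Returns how many whole pages
 * between the top of the frame and that write were never touched, i.e. how
 * many guard pages an unprobed frame of this size would jump over. */
size_t unprobed_frame(size_t len)
{
    if (len == 0)
        return 0;
    volatile char buf[len];      /* VLA: no probing unless the compiler adds it */
    buf[0] = 'A';                /* one write, at the lowest address */
    return (len - 1) / page_size();
}

/* Same frame, but touch one byte per page from the highest address down
 * before using it, so the guard page traps before anything below it is
 * reached. Returns the number of pages probed. */
size_t probed_frame(size_t len)
{
    if (len == 0)
        return 0;
    volatile char buf[len];
    size_t ps = page_size(), probed = 0;
    for (size_t off = 0; off < len; off += ps, probed++)
        buf[len - 1 - off] = 0;  /* top of frame first, then one page lower each time */
    buf[0] = 'A';                /* the real use, now safely below the probes */
    return probed;
}

/* Does a frame of len bytes skip over a guard of guard_bytes? A guard only
 * helps if no single stack access jumps further than its size: an unprobed
 * frame jumps the whole len in one access, a probed frame at most one page. */
int skips_guard(size_t len, size_t guard_bytes, int probed)
{
    size_t largest_jump = probed ? page_size() : len;
    return largest_jump > guard_bytes;
}

int main(void)
{
    size_t ps = page_size();
    size_t frame = 64 * ps;          /* a 64-page frame, e.g. a big local array */
    printf("page size %zu, frame %zu bytes\n", ps, frame);
    printf("unprobed frame skips %zu pages before its first write\n",
           unprobed_frame(frame));
    printf("probed frame touches %zu pages before use\n", probed_frame(frame));
    printf("1-page guard, unprobed: skipped=%d\n", skips_guard(frame, ps, 0));
    printf("1-page guard, probed:   skipped=%d\n", skips_guard(frame, ps, 1));
    printf("256-page guard, unprobed: skipped=%d\n", skips_guard(frame, 256 * ps, 0));
    return 0;
}
```

The last three lines of output are the whole argument in miniature: a one-page guard is jumped by any unprobed frame bigger than a page, probing makes the guard size irrelevant, and widening the guard (the kernel-side work Matthew mentions) only protects frames smaller than the new gap. Whether any of this is exploitable is a separate question, which is why the reply keys on a setuid/setgid program with a suitable bug rather than on the collision itself.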