From owner-freebsd-security Mon Apr 22 13:24:40 2002
Date: Mon, 22 Apr 2002 15:19:56 -0500
From: D J Hawkey Jr
To: security at FreeBSD
Subject: Q about FreeBSD-SA-02:23.stdio
Message-ID: <20020422151956.A919@sheol.localdomain>
Reply-To: hawkeyd@visi.com

Hello All.

Received this SA today, and I have but four questions:

 - Is this really only a kernel re-build and install thang?
 - Shouldn't filedesc.h be copied to /usr/include/sys?
 - libc (and therefore userland) really isn't involved at all?
 - 'keyinit' was used as an example, but the hole is just in the kernel?

TIA,
Dave

-- 
  ______________________                         ______________________
  \__________________ \    D. J. HAWKEY JR.    / __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/

----- Forwarded message from FreeBSD Security Advisories -----

=============================================================================
FreeBSD-SA-02:23.stdio                                      Security Advisory
                                                          The FreeBSD Project

Topic:          insecure handling of stdio file descriptors

Category:       core
Module:         kernel
Announced:      2002-04-22
Credits:        Joost Pol
Affects:        All releases of FreeBSD up to and including 4.5-RELEASE
                4.5-STABLE prior to the correction date
Corrected:      2002-04-21 13:06:45 UTC (RELENG_4)
                2002-04-21 13:08:57 UTC (RELENG_4_5)
                2002-04-21 13:10:51 UTC (RELENG_4_4)
FreeBSD only:   NO

[SNIP]

V.   Solution

1) Upgrade your vulnerable system to 4.5-STABLE; or to either of the
RELENG_4_5 (4.5-RELEASE-p4) or RELENG_4_4 (4.4-RELEASE-p11) security
branches dated after the respective correction dates.

2) To patch your present system:

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
http://www.freebsd.org/handbook/kernelconfig.html and reboot the
system.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Path                                                             Revision
  Branch
- -------------------------------------------------------------------------
sys/sys/filedesc.h
  RELENG_4                                                       1.19.2.4
  RELENG_4_5                                                 1.19.2.3.6.1
  RELENG_4_4                                                 1.19.2.3.4.1
sys/kern/kern_exec.c
  RELENG_4                                                     1.107.2.14
  RELENG_4_5                                               1.107.2.13.2.1
  RELENG_4_4                                                1.107.2.8.2.2
sys/kern/kern_descrip.c
  RELENG_4                                                      1.81.2.11
  RELENG_4_5                                                 1.81.2.9.2.1
  RELENG_4_4                                                 1.81.2.8.2.1
sys/conf/newvers.sh
  RELENG_4_5                                                1.44.2.20.2.5
  RELENG_4_4                                               1.44.2.17.2.10
- -------------------------------------------------------------------------

----- End forwarded message -----