From owner-freebsd-security Thu Jun 27 19:38:31 2002
Message-ID: <200206281235440931.5B17C74F@zorgco.com>
In-Reply-To: <200206261908.g5QJ8Nqo035419@freefall.freebsd.org>
References: <200206261908.g5QJ8Nqo035419@freefall.freebsd.org>
Date: Fri, 28 Jun 2002 12:35:44 +1000
From: "Chris"
To: security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv

Sorry for the newbie question but here goes. Anyone know if we can just recompile kernel after patch? (i.e. make make install) or do we have to update src and make world?

Any help is greatly appreciated.

Chris

-------------------------------------------------------------------
On 26/06/2002 at 12:08 PM FreeBSD Security Advisories wrote:

>=============================================================================
>FreeBSD-SA-02:28.resolv                                     Security Advisory
>                                                          The FreeBSD Project
>
>Topic:          buffer overflow in resolver
>
>Category:       core
>Module:         libc
>Announced:      2002-06-26
>Credits:        Joost Pol
>Affects:        All releases prior to and including 4.6-RELEASE
>Corrected:      2002-06-26 06:34:18 UTC (RELENG_4)
>                2002-06-26 08:44:24 UTC (RELENG_4_6)
>                2002-06-26 18:53:20 UTC (RELENG_4_5)
>FreeBSD only:   NO
>
>I.   Background
>
>The resolver implements functions for making, sending and interpreting
>query and reply messages with Internet domain name servers.
>Hostnames, IP addresses, and other information are queried using the
>resolver.
>
>II.  Problem Description
>
>DNS messages have specific byte alignment requirements, resulting in
>padding in messages.  In a few instances in the resolver code, this
>padding is not taken into account when computing available buffer
>space.  As a result, the parsing of a DNS message may result in a
>buffer overrun of up to a few bytes for each record included in the
>message.
>
>III. Impact
>
>An attacker (either a malicious domain name server or an agent that
>can spoof DNS messages) may produce a specially crafted DNS message
>that will exploit this bug when parsed by an application using the
>resolver.  It may be possible for such an exploit to result in the
>execution of arbitrary code with the privileges of the resolver-using
>application.  Though no exploits are known to exist today, since
>practically all Internet applications utilize the resolver, the
>severity of this issue is high.
>
>IV.  Workaround
>
>There is currently no workaround.
>
>V.   Solution
>
>Do one of the following:
>
>1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6
>or RELENG_4_5 security branch dated after the correction date
>(4.6-RELEASE-p1 or 4.5-RELEASE-p7).
>
>2) To patch your present system:
>
>The following patch has been verified to apply to FreeBSD 4.5 and
>FreeBSD 4.6 systems.
>
>a) Download the relevant patch from the location below, and verify the
>detached PGP signature using your PGP utility.
>
># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
>
>b) Execute the following commands as root:
>
># cd /usr/src
># patch < /path/to/patch
>
>c) Recompile the operating systems as described in
>.
>
>Note that any statically linked applications that are not part of
>the base system (i.e. from the Ports Collection or other 3rd-party
>sources) must be recompiled.
>
>VI.  Correction details
>
>The following list contains the revision numbers of each file that was
>corrected in FreeBSD.
>
>Path                                                             Revision
>  Branch
>-------------------------------------------------------------------------
>src/lib/libc/net/gethostbydns.c
>  RELENG_4                                                       1.27.2.2
>  RELENG_4_6                                                    1.27.10.1
>  RELENG_4_5                                                     1.27.8.1
>src/lib/libc/net/getnetbydns.c
>  RELENG_4                                                       1.13.2.2
>  RELENG_4_6                                                 1.13.2.1.8.1
>  RELENG_4_5                                                 1.13.2.1.6.1
>src/lib/libc/net/name6.c
>  RELENG_4                                                        1.6.2.6
>  RELENG_4_6                                                  1.6.2.5.8.1
>  RELENG_4_5                                                  1.6.2.5.6.1
>src/sys/conf/newvers.sh
>  RELENG_4_6                                                1.44.2.23.2.2
>  RELENG_4_5                                                1.44.2.20.2.8
>-------------------------------------------------------------------------
>
>VII. References
>

Chris
Zorg Enterprises
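
The accounting error described in section II of the quoted advisory, modelled as an added C example; it is not part of the original message and is not FreeBSD's resolver code. The `pack` function, the 32-byte buffer, the 4-byte alignment and the record layout (name bytes followed by an aligned IPv4 address) are assumptions made for illustration, and the overrun lands in a canary area inside the same array so the program stays memory-safe.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ALIGN    4          /* assumed alignment of an address field */
#define ADDR_LEN 4          /* IPv4 address */
#define CAP      32         /* logical size of the answer buffer (constructed) */
#define GUARD    (3 * CAP)  /* canary area: padding is at most 3 bytes per name byte */

/*
 * Packs n records (name bytes, then an aligned address) into a CAP-byte
 * buffer. With count_padding == 0 the alignment padding is not subtracted
 * from the remaining space. Returns how many canary bytes past CAP were hit.
 */
size_t pack(const size_t *name_len, size_t n, int count_padding, size_t *stored)
{
    unsigned char store[CAP + GUARD];
    size_t off = 0, left = CAP, over = 0, i;

    memset(store, 0, CAP);
    memset(store + CAP, 0xAA, GUARD);
    *stored = 0;
    for (i = 0; i < n; i++) {
        size_t pad;
        if (name_len[i] > left) break;
        memset(store + off, 'n', name_len[i]);
        off += name_len[i]; left -= name_len[i];
        pad = (ALIGN - off % ALIGN) % ALIGN;
        off += pad;                       /* the cursor moves in both variants */
        if (count_padding) {
            if (pad > left) break;
            left -= pad;                  /* corrected: padding uses space too */
        }
        if (ADDR_LEN > left) break;
        memset(store + off, 'a', ADDR_LEN);
        off += ADDR_LEN; left -= ADDR_LEN;
        (*stored)++;
    }
    for (i = 0; i < GUARD; i++)
        over += (store[CAP + i] != 0xAA);
    return over;
}

int main(void)
{
    const size_t names[] = { 5, 5, 5, 5 };   /* constructed input */
    size_t a, b;
    size_t flawed = pack(names, 4, 0, &a), fixed = pack(names, 4, 1, &b);
    printf("flawed: %zu over (%zu stored), corrected: %zu over (%zu stored)\n",
           flawed, a, fixed, b);
    return 0;
}
```

In the flawed run each 5-byte name leaves 3 bytes of padding unaccounted for, so the remaining-space counter drifts ahead of the write cursor by a few bytes per record, which is the per-record overrun the advisory describes.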