From owner-freebsd-security Fri Jun 28 3:15:58 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8CE8337B408 for ; Fri, 28 Jun 2002 03:15:50 -0700 (PDT) Received: from mail.npubs.com (npubs.com [207.111.208.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 94EAF43E0F for ; Fri, 28 Jun 2002 03:15:46 -0700 (PDT) (envelope-from nielsen@memberwebs.com) Received: 8.12.2-(Neptune) From: "Nielsen" To: "Chris" , References: <200206261908.g5QJ8Nqo035419@freefall.freebsd.org> <200206281235440931.5B17C74F@zorgco.com> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20020628101546.94EAF43E0F@mx1.FreeBSD.org> Date: Fri, 28 Jun 2002 03:15:46 -0700 (PDT) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Nope basically any program that's statically linked ( /bin/* /sbin/* and some others), and your libc libraries need to be rebuilt. Make world is the simplest route out unless you're sure you can catch everything. Sorry bout that Nate ----- Original Message ----- From: "Chris" To: Sent: Thursday, June 27, 2002 20:39 Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv Sorry for the newbie question but here goes. Anyone know if we can just recompile kernel after patch? (i.e make make install) or do we have to update src and make world? Any help is greatly appreciated. Chris ------------------------------------------------------------------- On 26/06/2002 at 12:08 PM FreeBSD Security Advisories wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >=========================================================================== == >FreeBSD-SA-02:28.resolv Security >Advisory > The FreeBSD >Project > >Topic: buffer overflow in resolver > >Category: core >Module: libc >Announced: 2002-06-26 >Credits: Joost Pol >Affects: All releases prior to and including 4.6-RELEASE >Corrected: 2002-06-26 06:34:18 UTC (RELENG_4) > 2002-06-26 08:44:24 UTC (RELENG_4_6) > 2002-06-26 18:53:20 UTC (RELENG_4_5) >FreeBSD only: NO > >I. Background > >The resolver implements functions for making, sending and interpreting >query and reply messages with Internet domain name servers. >Hostnames, IP addresses, and other information are queried using the >resolver. > >II. Problem Description > >DNS messages have specific byte alignment requirements, resulting in >padding in messages. In a few instances in the resolver code, this >padding is not taken into account when computing available buffer >space. As a result, the parsing of a DNS message may result in a >buffer overrun of up to a few bytes for each record included in the >message. > >III. Impact > >An attacker (either a malicious domain name server or an agent that >can spoof DNS messages) may produce a specially crafted DNS message >that will exploit this bug when parsed by an application using the >resolver. It may be possible for such an exploit to result in the >execution of arbitrary code with the privileges of the resolver-using >application. Though no exploits are known to exist today, since >practically all Internet applications utilize the resolver, the >severity of this issue is high. > >IV. Workaround > >There is currently no workaround. > >V. Solution > >Do one of the following: > >1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6 >or RELENG_4_5 security branch dated after the correction date >(4.6-RELEASE-p1 or 4.5-RELEASE-p7). > >2) To patch your present system: > >The following patch has been verified to apply to FreeBSD 4.5 and >FreeBSD 4.6 systems. > >a) Download the relevant patch from the location below, and verify the >detached PGP signature using your PGP utility. > ># fetch >ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch ># fetch >ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc > >b) Execute the following commands as root: > ># cd /usr/src ># patch < /path/to/patch > >c) Recompile the operating systems as described in >. > >Note that any statically linked applications that are not part of >the base system (i.e. from the Ports Collection or other 3rd-party >sources) must be recompiled. > >VI. Correction details > >The following list contains the revision numbers of each file that was >corrected in FreeBSD. > >Path Revision > Branch >- ------------------------------------------------------------------------- >src/lib/libc/net/gethostbydns.c > RELENG_4 1.27.2.2 > RELENG_4_6 1.27.10.1 > RELENG_4_5 1.27.8.1 >src/lib/libc/net/getnetbydns.c > RELENG_4 1.13.2.2 > RELENG_4_6 1.13.2.1.8.1 > RELENG_4_5 1.13.2.1.6.1 >src/lib/libc/net/name6.c > RELENG_4 1.6.2.6 > RELENG_4_6 1.6.2.5.8.1 > RELENG_4_5 1.6.2.5.6.1 >src/sys/conf/newvers.sh > RELENG_4_6 1.44.2.23.2.2 > RELENG_4_5 1.44.2.20.2.8 >- ------------------------------------------------------------------------- > >VII. References > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.7 (FreeBSD) > >iQCVAwUBPRoQOVUuHi5z0oilAQG3cAP/d7Gb2rdkSjZKCR0NI+QzMibgySVTXOtF >sdoJrYka/XnIpFMVAyXl36bibtRKbwfCyv/rEX39YSas7tqReizwAABoaRF956Qb >qlek1ONvvd+Tj6+WpEEueX/VdPqGQuqMk0BoguIbOgwAya6ZFYJ9ZKAHHSN9YqO8 >ZGTC8pmqfGI= >=s76v >-----END PGP SIGNATURE----- > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security-notifications" in the body of the message Chris Zorg Enterprises To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message