Date: Tue, 19 Feb 2013 13:54:03 -0500
From: Jason Hellenthal <jhellenthal@DataIX.net>
To: "Philip M. Gollucci" <pgollucci@p6m7g8.com>
Cc: FreeBSD Security Advisories <security-advisories@freebsd.org>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-13:02.libc
Message-ID: <73A994DF-39F2-4C19-9F3C-534B87AA1847@DataIX.net>
In-Reply-To: <CACM2dAZa5guUjmcXavkpMahrhHskmYT70niycpkmUQ=FH1oDmg@mail.gmail.com>
References: <201302191404.r1JE44Gj074549@freefall.freebsd.org> <CACM2dAZa5guUjmcXavkpMahrhHskmYT70niycpkmUQ=FH1oDmg@mail.gmail.com>
No running daemons with listening ports affected that could trigger it?

-- 
Jason Hellenthal
JJH48-ARIN - (2^(N-1))

On Feb 19, 2013, at 10:48, "Philip M. Gollucci" <pgollucci@p6m7g8.com> wrote:

> This is an internal only vuln with local user account. I see no need to
> rush this one. We'll pick it up at a later date.
>
>
> On Tue, Feb 19, 2013 at 9:04 AM, FreeBSD Security Advisories <
> security-advisories@freebsd.org> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> =============================================================================
>> FreeBSD-SA-13:02.libc                                       Security Advisory
>>                                                           The FreeBSD Project
>>
>> Topic:          glob(3) related resource exhaustion
>>
>> Category:       core
>> Module:         libc
>> Announced:      2013-02-19
>> Affects:        All supported versions of FreeBSD.
>> Corrected:      2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE)
>>                 2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12)
>>                 2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE)
>>                 2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6)
>>                 2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE)
>>                 2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6)
>>                 2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1)
>> CVE Name:       CVE-2010-2632
>>
>> For general information regarding FreeBSD Security Advisories,
>> including descriptions of the fields above, security branches, and the
>> following sections, please visit <URL:http://security.FreeBSD.org/>.
>>
>> I.   Background
>>
>> The glob(3) function is a pathname generator that implements the rules for
>> file name pattern matching used by the shell.
>>
>> II.  Problem Description
>>
>> GLOB_LIMIT is supposed to limit the number of paths to prevent against
>> memory or CPU attacks. The implementation however is insufficient.
>>
>> III. Impact
>>
>> An attacker that is able to exploit this vulnerability could cause excessive
>> memory or CPU usage, resulting in a Denial of Service. A common target for
>> a remote attacker could be ftpd(8).
>>
>> IV.  Workaround
>>
>> No workaround is available.
>>
>> V.   Solution
>>
>> Perform one of the following:
>>
>> 1) Upgrade your vulnerable system to a supported FreeBSD stable or
>> release / security branch (releng) dated after the correction date.
>>
>> 2) To update your vulnerable system via a source code patch:
>>
>> The following patches have been verified to apply to the applicable
>> FreeBSD release branches.
>>
>> a) Download the relevant patch from the location below, and verify the
>> detached PGP signature using your PGP utility.
>>
>> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch
>> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc
>> # gpg --verify libc.patch.asc
>>
>> b) Execute the following commands as root:
>>
>> # cd /usr/src
>> # patch < /path/to/patch
>>
>> Recompile the operating system using buildworld and installworld as
>> described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
>>
>> Restart all daemons, or reboot the system.
>>
>> 3) To update your vulnerable system via a binary patch:
>>
>> Systems running a RELEASE version of FreeBSD on the i386 or amd64
>> platforms can be updated via the freebsd-update(8) utility:
>>
>> # freebsd-update fetch
>> # freebsd-update install
>>
>> Restart all daemons, or reboot the system.
>>
>> VI.  Correction details
>>
>> The following list contains the revision numbers of each file that was
>> corrected in FreeBSD.
>>
>> Branch/path                                                      Revision
>> - -------------------------------------------------------------------------
>> stable/7/                                                         r246357
>> releng/7.4/                                                       r246989
>> stable/8/                                                         r246357
>> releng/8.3/                                                       r246989
>> stable/9/                                                         r246357
>> releng/9.0/                                                       r246989
>> releng/9.1/                                                       r246989
>> - -------------------------------------------------------------------------
>>
>> VII. References
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632
>>
>> The latest revision of this advisory is available at
>> http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.12 (FreeBSD)
>>
>> iEYEARECAAYFAlEjf80ACgkQFdaIBMps37JFUgCfUrw8Ky4U19COja6fna49Calv
>> z/YAn1JSGxzHCo8vLj4XhtXqrQt68or4
>> =mCPv
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> freebsd-security@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>>
>
>
>
> -- 
> ---------------------------------------------------------------------------------------------
> 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C
> Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354
> Member, Apache Software Foundation
> Committer, FreeBSD Foundation
> Consultant, P6M7G8 Inc.
> Director Operations, Ridecharge Inc.
>
> Work like you don't need the money,
> love like you'll never get hurt,
> and dance like nobody's watching.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
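An added example, not from the thread or the advisory: a small C wrapper showing the defensive pattern the advisory's GLOB_LIMIT discussion is about, bounding glob(3) expansion of an untrusted pattern via GLOB_LIMIT and gl_matchc where the libc provides them (the BSD extension) and via a post-hoc count elsewhere. The function names bounded_glob and demo_glob, the /tmp/globdemo directory and the files it creates are my own constructed test fixture.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Expand an untrusted pattern, refusing more than max_matches paths. Returns 0 on
 * success (caller must globfree(out)), -1 if the limit/ENOMEM hit, -2 on other errors. */
int bounded_glob(const char *pattern, size_t max_matches, glob_t *out)
{
    int flags = 0, rc;
    *out = (glob_t){0};
#ifdef GLOB_LIMIT
    /* BSD libc: glob() stops itself once gl_matchc pathnames have been produced. */
    out->gl_matchc = (int)max_matches;
    flags |= GLOB_LIMIT;
#endif
    rc = glob(pattern, flags, NULL, out);
    if (rc == GLOB_NOSPACE) { globfree(out); return -1; }
    if (rc != 0 && rc != GLOB_NOMATCH) { globfree(out); return -2; }
    /* Portable fallback: rejects an oversized result, but only after glob() has
     * already spent the memory and CPU to build it (the advisory's concern). */
    if (out->gl_pathc > max_matches) { globfree(out); return -1; }
    return 0;
}

/* Demo helper (constructed input): create nfiles empty files in a fresh temp dir,
 * glob "<dir>/*" under max_matches, clean up, return match count or the error code. */
int demo_glob(int nfiles, size_t max_matches)
{
    char dir[] = "/tmp/globdemoXXXXXX", path[4200];
    glob_t g;
    int i, rc;
    if (mkdtemp(dir) == NULL) return -3;
    for (i = 0; i < nfiles; i++) {
        snprintf(path, sizeof path, "%s/f%d", dir, i);
        int fd = open(path, O_WRONLY | O_CREAT, 0600); if (fd >= 0) close(fd);
    }
    snprintf(path, sizeof path, "%s/*", dir);
    rc = bounded_glob(path, max_matches, &g);
    if (rc == 0) { rc = (int)g.gl_pathc; globfree(&g); }
    for (i = 0; i < nfiles; i++) {
        snprintf(path, sizeof path, "%s/f%d", dir, i);
        unlink(path);
    }
    rmdir(dir);
    return rc;
}
```

demo_glob(5, 10) returns 5 and demo_glob(5, 2) returns -1 on both code paths. Even where GLOB_LIMIT is honoured, the advisory's point is that the pre-fix implementation did not sufficiently bound the work done before that count is reached, so the patch, not the flag, is the mitigation.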