From owner-freebsd-security@FreeBSD.ORG Tue Feb 19 18:54:21 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 98C3E671; Tue, 19 Feb 2013 18:54:21 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-ia0-x234.google.com (ia-in-x0234.1e100.net [IPv6:2607:f8b0:4001:c02::234]) by mx1.freebsd.org (Postfix) with ESMTP id 5A958E6E; Tue, 19 Feb 2013 18:54:21 +0000 (UTC) Received: by mail-ia0-f180.google.com with SMTP id f27so6529478iae.11 for ; Tue, 19 Feb 2013 10:54:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:sender:references:in-reply-to:mime-version :content-transfer-encoding:content-type:message-id:cc:x-mailer:from :subject:date:to; bh=katQ4M5dmXxYOQ8QTbKvywbKuTU0e/c2p2fB1YEeFSM=; b=Vgbch/3JIVU9RQ+MbyHJDGP2j7fRwxoWPU/xCcqYRyMcHBPcmo3PTuE0T4ZHm/8+HC 7uoFE/1UFdD+QzdfIALHMnq3eImFFJVyGIWa8SpEy85CL9jW94vPDenBoMDGdzKOUaXt 2IixKVPaURTKkm2ZdYc18NyV9Js5bG4G0HxzpweS/fQ2Kj1k+W9VTyWO/VCAA23qgjm7 zFPDeLgM21jSua22mSEn7PnqtXr5vG6/boJ5qYviQ2Xmz6tHQcfHNpGtBENvLZL35th0 2idVI4ig+F0SSJTsemAwSIZIO02xsFAKNGRdb27MbL9BKgh/k4fDdM0KHBdwEDMZFJ3k +2Iw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=rsa; h=x-received:sender:references:in-reply-to:mime-version :content-transfer-encoding:content-type:message-id:cc:x-mailer:from :subject:date:to; bh=katQ4M5dmXxYOQ8QTbKvywbKuTU0e/c2p2fB1YEeFSM=; b=bbMc+p9+lrDjUOEU0pAkvLUpfPQ0i0Ufqzj/Rbek/kAixZcvrmX8YJnPGa2JOxDjIV r0L3PxWevbUx91kYFDwo3iYfq6CS1VBahtNLQ23ELL/zx8Km7XyGTcBMfw5nrFlC7PTV qRAO9EZtCiD/f4K46js7873YOdLeryp37p9lc= X-Received: by 10.50.76.168 with SMTP id l8mr9643212igw.97.1361300060900; Tue, 19 Feb 2013 10:54:20 -0800 (PST) Received: from DataIX.net (24-231-147-188.dhcp.aldl.mi.charter.com. [24.231.147.188]) by mx.google.com with ESMTPS id ww6sm11576699igb.2.2013.02.19.10.54.19 (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 19 Feb 2013 10:54:20 -0800 (PST) Sender: Jason Hellenthal Received: from [192.168.31.239] (sys239.DataIX.local [192.168.31.239]) (authenticated bits=0) by DataIX.net (8.14.6/8.14.6) with ESMTP id r1JIsEID017916 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 19 Feb 2013 13:54:16 -0500 (EST) (envelope-from jhellenthal@DataIX.net) References: <201302191404.r1JE44Gj074549@freefall.freebsd.org> In-Reply-To: Mime-Version: 1.0 (iPhone Mail 8C148) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Message-Id: <73A994DF-39F2-4C19-9F3C-534B87AA1847@DataIX.net> X-Mailer: iPhone Mail (8C148) From: Jason Hellenthal Subject: Re: FreeBSD Security Advisory FreeBSD-SA-13:02.libc Date: Tue, 19 Feb 2013 13:54:03 -0500 To: "Philip M. Gollucci" Cc: FreeBSD Security Advisories , "freebsd-security@freebsd.org" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2013 18:54:21 -0000 No running daemons with listening ports effected that could trigger it? --=20 Jason Hellenthal JJH48-ARIN - (2^(N-1)) On Feb 19, 2013, at 10:48, "Philip M. Gollucci" wrote= : > This is an internal only vuln with local user account. I see no need to > rush this one. We'll pick it up at a later date. >=20 >=20 > On Tue, Feb 19, 2013 at 9:04 AM, FreeBSD Security Advisories < > security-advisories@freebsd.org> wrote: >=20 >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >>=20 >>=20 >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= >> FreeBSD-SA-13:02.libc Security >> Advisory >> The FreeBSD >> Project >>=20 >> Topic: glob(3) related resource exhaustion >>=20 >> Category: core >> Module: libc >> Announced: 2013-02-19 >> Affects: All supported versions of FreeBSD. >> Corrected: 2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE) >> 2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12) >> 2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE) >> 2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6) >> 2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE) >> 2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6) >> 2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1) >> CVE Name: CVE-2010-2632 >>=20 >> For general information regarding FreeBSD Security Advisories, >> including descriptions of the fields above, security branches, and the >> following sections, please visit . >>=20 >> I. Background >>=20 >> The glob(3) function is a pathname generator that implements the rules fo= r >> file name pattern matching used by the shell. >>=20 >> II. Problem Description >>=20 >> GLOB_LIMIT is supposed to limit the number of paths to prevent against >> memory or CPU attacks. The implementation however is insufficient. >>=20 >> III. Impact >>=20 >> An attacker that is able to exploit this vulnerability could cause >> excessive >> memory or CPU usage, resulting in a Denial of Service. A common target f= or >> a remote attacker could be ftpd(8). >>=20 >> IV. Workaround >>=20 >> No workaround is available. >>=20 >> V. Solution >>=20 >> Perform one of the following: >>=20 >> 1) Upgrade your vulnerable system to a supported FreeBSD stable or >> release / security branch (releng) dated after the correction date. >>=20 >> 2) To update your vulnerable system via a source code patch: >>=20 >> The following patches have been verified to apply to the applicable >> FreeBSD release branches. >>=20 >> a) Download the relevant patch from the location below, and verify the >> detached PGP signature using your PGP utility. >>=20 >> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch >> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc >> # gpg --verify libc.patch.asc >>=20 >> b) Execute the following commands as root: >>=20 >> # cd /usr/src >> # patch < /path/to/patch >>=20 >> Recompile the operating system using buildworld and installworld as >> described in . >>=20 >> Restart all daemons, or reboot the system. >>=20 >> 3) To update your vulnerable system via a binary patch: >>=20 >> Systems running a RELEASE version of FreeBSD on the i386 or amd64 >> platforms can be updated via the freebsd-update(8) utility: >>=20 >> # freebsd-update fetch >> # freebsd-update install >>=20 >> Restart all daemons, or reboot the system. >>=20 >> VI. Correction details >>=20 >> The following list contains the revision numbers of each file that was >> corrected in FreeBSD. >>=20 >> Branch/path Revision= >> - -----------------------------------------------------------------------= -- >> stable/7/ r246357= >> releng/7.4/ r246989= >> stable/8/ r246357= >> releng/8.3/ r246989= >> stable/9/ r246357= >> releng/9.0/ r246989= >> releng/9.1/ r246989= >> - -----------------------------------------------------------------------= -- >>=20 >> VII. References >>=20 >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2010-2632 >>=20 >> The latest revision of this advisory is available at >> http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.12 (FreeBSD) >>=20 >> iEYEARECAAYFAlEjf80ACgkQFdaIBMps37JFUgCfUrw8Ky4U19COja6fna49Calv >> z/YAn1JSGxzHCo8vLj4XhtXqrQt68or4 >> =3DmCPv >> -----END PGP SIGNATURE----- >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g >> " >>=20 >=20 >=20 >=20 > --=20 > --------------------------------------------------------------------------= ------------------- > 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C > Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 > Member, Apache Software Foundation > Committer, FreeBSD Foundation > Consultant, P6M7G8 Inc. > Director Operations, Ridecharge Inc. >=20 > Work like you don't need the money, > love like you'll never get hurt, > and dance like nobody's watching. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org= "