From: Dag-Erling Smørgrav
Date: Mon, 29 Apr 2013 21:56:02 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r41521 - head/share/security/advisories

Author: des
Date: Mon Apr 29 21:56:02 2013
New Revision: 41521
URL: http://svnweb.freebsd.org/changeset/doc/41521

Log:
  Revised advisory.

Modified:
  head/share/security/advisories/FreeBSD-SA-13:05.nfsserver.asc

Modified: head/share/security/advisories/FreeBSD-SA-13:05.nfsserver.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-13:05.nfsserver.asc Mon Apr 29 21:24:50 2013 (r41520) +++ head/share/security/advisories/FreeBSD-SA-13:05.nfsserver.asc Mon Apr 29 21:56:02 2013 (r41521) 
@@ -10,20 +10,27 @@ Topic: Insufficient input valid Category: core Module: nfsserver Announced: 2013-04-29 +Revised: 2013-04-29 Credits: Adam Nowacki Affects: All supported versions of FreeBSD. -Corrected: 2013-04-29 20:15:43 UTC (stable/8, 8.4-PRERELEASE) - 2013-04-29 20:15:47 UTC (releng/8.3, 8.3-RELEASE-p8) - 2013-04-29 20:16:25 UTC (releng/8.4, 8.4-RC1-p1) - 2013-04-29 20:16:25 UTC (releng/8.4, 8.4-RC2-p1) - 2013-04-29 20:15:55 UTC (stable/9, 9.1-STABLE) - 2013-04-29 20:16:00 UTC (releng/9.1, 9.1-RELEASE-p3) +Corrected: 2013-04-29 21:10:49 UTC (stable/8, 8.4-PRERELEASE) + 2013-04-29 21:10:53 UTC (releng/8.3, 8.3-RELEASE-p8) + 2013-04-29 21:11:31 UTC (releng/8.4, 8.4-RC1-p1) + 2013-04-29 21:11:31 UTC (releng/8.4, 8.4-RC2-p1) + 2013-04-29 21:11:01 UTC (stable/9, 9.1-STABLE) + 2013-04-29 21:11:05 UTC (releng/9.1, 9.1-RELEASE-p3) CVE Name: CVE-2013-3266 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . +0. Revision History + +v1.0 2013-04-29 Initial release. +v1.1 2013-04-29 Corrected patch URL. + Additional workaround information. + I. Background The Network File System (NFS) allows a host to export some or all of its @@ -75,6 +82,23 @@ following command: This will print 1 if the system is running the new NFS implementation, and 0 otherwise. +To switch to the old NFS implementation: + +1) Append the following lines to /etc/rc.conf: + + nfsv4_server_enable="no" + oldnfs_server_enable="yes" + +2) If the NFS server is compiled into the kernel (which is the case + for the stock GENERIC kernel), replace the NFSD option with the + NFSSERVER option, then recompile your kernel as described in + . + + If the NFS server is not compiled into the kernel, the correct + module will be loaded at boot time. + +3) Finally, reboot the system. + V. Solution Perform one of the following: 
@@ -90,8 +114,8 @@ FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. -# fetch http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch -# fetch http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch.asc +# fetch http://security.FreeBSD.org/patches/SA-13:05/nfsserver.patch +# fetch http://security.FreeBSD.org/patches/SA-13:05/nfsserver.patch.asc # gpg --verify nfsserver.patch.asc b) Apply the patch. @@ -118,11 +142,11 @@ corrected in FreeBSD. Branch/path Revision - ------------------------------------------------------------------------- -stable/8/ r250058 -releng/8.3/ r250059 -releng/8.4/ r250062 -stable/9/ r250060 -releng/9.1/ r250061 +stable/8/ r250068 +releng/8.3/ r250069 +releng/8.4/ r250073 +stable/9/ r250070 +releng/9.1/ r250071 - ------------------------------------------------------------------------- VII. References @@ -133,7 +157,7 @@ The latest revision of this advisory is http://security.FreeBSD.org/advisories/FreeBSD-SA-13:05.nfsserver.asc -----BEGIN PGP SIGNATURE----- -iEYEARECAAYFAlF+18oACgkQFdaIBMps37J1PACgm+zcbGd6xF1hkpvFVJbbwR0Q -9PoAnivbP1R0qXFyTlF/t3+sUYcxBtfQ -=polM +iEYEARECAAYFAlF+7BUACgkQFdaIBMps37I3LACeIFS/wiaA6eDn9F8ByZ6V8CH4 +GT4AoIrhX24l+LHxpvtHoaDmKOoBpva5 +=bbRm -----END PGP SIGNATURE-----
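
Review bot: The v1.1 entry in the new "0. Revision History" section (first hunk, @@ -10,20 +10,27 @@) lists only "Corrected patch URL." and "Additional workaround information.", but the same hunk also moves every "Corrected:" timestamp from 20:15-20:16 UTC to 21:10-21:11 UTC. Suggest adding a line to v1.1 that says the correction dates were updated, so a reader comparing v1.0 with v1.1 can tell the change is intentional.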
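
Review bot: The procedure added in the second hunk (@@ -75,6 +82,23 @@) ends at "3) Finally, reboot the system." with no verification step. The context just above it already gives a command that "will print 1 if the system is running the new NFS implementation, and 0 otherwise"; suggest a step 4 that tells the administrator to rerun that command after the reboot and expect 0. Step 1 sets nfsv4_server_enable="no" without comment, so it would also help to say in one sentence that the workaround turns NFSv4 service off.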
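
Review bot: In step a) of the third hunk (@@ -90,8 +114,8 @@), both corrected fetch lines still use plain http, so "# gpg --verify nfsserver.patch.asc" is the only integrity check on the patch, and the text does not say which key the signature is expected to come from. Suggest naming the expected signing key (or pointing to where its fingerprint is published) so that a "good signature" from an unrelated key in the reader's keyring is not taken as sufficient.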
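
Review bot: In the revision table of the fourth hunk (@@ -118,11 +142,11 @@), releng/8.4 becomes r250073 while the other four rows are r250068 through r250071; in the replaced rows releng/8.4 was r250062, directly after r250061. Please confirm r250073 is the intended revision. The table also replaces r250058 through r250062 without saying whether a system already updated to one of those revisions needs to update again; a sentence on that would save readers from guessing.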