From owner-freebsd-security@FreeBSD.ORG Thu Jan 29 14:31:14 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4E23E472 for ; Thu, 29 Jan 2015 14:31:14 +0000 (UTC) Received: from mail.in-addr.com (mail.in-addr.com [IPv6:2a01:4f8:191:61e8::2525:2525]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0EC19106 for ; Thu, 29 Jan 2015 14:31:14 +0000 (UTC) Received: from gjp by mail.in-addr.com with local (Exim 4.85 (FreeBSD)) (envelope-from ) id 1YGq7j-0007Ki-Bv; Thu, 29 Jan 2015 14:31:11 +0000 Date: Thu, 29 Jan 2015 14:31:11 +0000 From: Gary Palmer To: Ian Smith Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:02.kmem Message-ID: <20150129143111.GA29167@in-addr.com> References: <20150128194011.2175B19F@hub.freebsd.org> <20150128211910.80082283DA18@rock.dv.isc.org> <54C966BF.9000803@rewt.org.uk> <54C9837C.8090704@akips.com> <20150130011402.P36378@sola.nimnet.asn.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150130011402.P36378@sola.nimnet.asn.au> X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on mail.in-addr.com); SAEximRunCond expanded to false Cc: freebsd-security@freebsd.org, Nick Frampton , jungle Boogie X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Jan 2015 14:31:14 -0000 On Fri, Jan 30, 2015 at 01:20:56AM +1100, Ian Smith wrote: > On Wed, 28 Jan 2015 17:01:50 -0800, jungle Boogie wrote: > > Hi Nick, > > On Jan 28, 2015 4:56 PM, "Nick Frampton" wrote: > > > > > > On 29/01/15 08:46, Joe Holden wrote: > > >> > > >> Really, how many SCTP users are there om the wild... maybe one? > > >> > > >> It shouldn't be in GENERIC at the very least! > > > > > > > > > We use Netflow over SCTP in our network monitoring product, so it would > > be a pain to have to build a custom kernel. > > > > But also a pain to have an exploit when it could be prevented. > > Are you vulnerable to an SCTP exploit if you're not using SCTP? >From one of the advisories (FreeBSD-SA-15:02.kmem): -- QUOTE -- An unprivileged process can read or modify 16-bits of memory which belongs to the kernel. This smay lead to exposure of sensitive information or allow privilege escalation. -- ENDQUOTE -- So even if you don't use SCTP, if someone got a shell on your box they could potentially use SCTP to get root or modify kernel memory to break out of a jail, etc. In other words, you don't necessarily need to use SCTP to be affected by vulnerabilities in it. Regards, Gary