Date: Wed, 26 May 2010 21:53:42 -0700 From: matt <matt@xerq.net> To: <freebsd-security@freebsd.org> Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-10:05.opie Message-ID: <9a34eaba76391cf1481cd27a3aa0ffbd@imap.xerq.net> In-Reply-To: <201005270325.o4R3P7wY009265@freefall.freebsd.org> References: <201005270325.o4R3P7wY009265@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
There's a typo for the fetch link: --http://security.freebsd.org/patches/SA-10-05/opie.patch ++http://security.freebsd.org/patches/SA-10:05/opie.patch -Matt On Thu, 27 May 2010 03:25:07 GMT, FreeBSD Security Advisories <security-advisories@freebsd.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================= > FreeBSD-SA-10:05.opie Security > Advisory > The FreeBSD > Project > > Topic: OPIE off-by-one stack overflow > > Category: contrib > Module: contrib_opie > Announced: 2010-05-27 > Credits: Maksymilian Arciemowicz and Adam Zabrocki > Affects: All supported versions of FreeBSD > Corrected: 2010-05-27 03:15:04 UTC (RELENG_8, 8.1-PRERELEASE) > 2010-05-27 03:15:04 UTC (RELENG_8_0, 8.0-RELEASE-p3) > 2010-05-27 03:15:04 UTC (RELENG_7, 7.3-STABLE) > 2010-05-27 03:15:04 UTC (RELENG_7_3, 7.3-RELEASE-p1) > 2010-05-27 03:15:04 UTC (RELENG_7_2, 7.2-RELEASE-p8) > 2010-05-27 03:15:04 UTC (RELENG_7_1, 7.1-RELEASE-p12) > 2010-05-27 03:15:04 UTC (RELENG_6, 6.4-STABLE) > 2010-05-27 03:15:04 UTC (RELENG_6_4, 6.4-RELEASE-p10) > CVE Name: CVE-2010-1938 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:http://security.FreeBSD.org/>. > > I. Background > > OPIE is a one-time password system designed to help to secure a system > against replay attacks. It does so using a secure hash function and a > challenge/response system. > > OPIE is enabled by default on FreeBSD. > > II. Problem Description > > A programming error in the OPIE library could allow an off-by-one buffer > overflow to write a single zero byte beyond the end of an on-stack buffer. > > III. Impact > > An attacker can remotely crash a service process which uses OPIE when > stack protector is enabled. > > Note that this can happen even if OPIE is not enabled on the system, > for instance the base system ftpd(8) is affected by this. Depending > on the design and usage of OPIE, this may either affect only the > process that handles the user authentication, or cause a Denial of > Service condition. > > It is possible but very unlikely that an attacker could exploit this to > gain access to a system. > > IV. Workaround > > No workaround is available, but systems without OPIE capable services > running are not vulnerable. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, > or to the RELENG_8_0, RELENG_7_3, RELENG_7_2, RELENG_7_1, RELENG_6_4 > security branch dated after the correction date. > > 2) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to FreeBSD 6.4, > 7.1, 7.2, 7.3, and 8.0 systems. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-10-05/opie.patch > # fetch http://security.FreeBSD.org/patches/SA-10-05/opie.patch.asc > > b) Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > # cd /usr/src/lib/libopie > # make obj && make depend && make && make install > > NOTE: On the amd64 platform, the above procedure will not update the > lib32 (i386 compatibility) libraries. On amd64 systems where the i386 > compatibility libraries are used, the operating system should instead > be recompiled as described in > <URL:http://www.FreeBSD.org/handbook/makeworld.html>; > > 3) To update your vulnerable system via a binary patch: > > Systems running 6.4-RELEASE, 7.1-RELEASE, 7.2-RELEASE, 7.3-RELEASE or > 8.0-RELEASE on the i386 or amd64 platforms can be updated via the > freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > > VI. Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > CVS: > > Branch Revision > Path > - ------------------------------------------------------------------------- > RELENG_6 > src/contrib/opie/libopie/readrec.c 1.1.1.4.14.1 > RELENG_6_4 > src/UPDATING 1.416.2.40.2.14 > src/sys/conf/newvers.sh 1.69.2.18.2.16 > src/contrib/opie/libopie/readrec.c 1.1.1.4.26.1 > RELENG_7 > src/contrib/opie/libopie/readrec.c 1.2.2.1 > RELENG_7_3 > src/UPDATING 1.507.2.34.2.3 > src/sys/conf/newvers.sh 1.72.2.16.2.5 > src/contrib/opie/libopie/readrec.c 1.2.12.2 > RELENG_7_2 > src/UPDATING 1.507.2.23.2.11 > src/sys/conf/newvers.sh 1.72.2.11.2.12 > src/contrib/opie/libopie/readrec.c 1.2.8.2 > RELENG_7_1 > src/UPDATING 1.507.2.13.2.15 > src/sys/conf/newvers.sh 1.72.2.9.2.16 > src/contrib/opie/libopie/readrec.c 1.2.6.2 > RELENG_8 > src/contrib/opie/libopie/readrec.c 1.2.10.2 > RELENG_8_0 > src/UPDATING 1.632.2.7.2.6 > src/sys/conf/newvers.sh 1.83.2.6.2.6 > src/contrib/opie/libopie/readrec.c 1.2.10.1.2.2 > - ------------------------------------------------------------------------- > > Subversion: > > Branch/path Revision > - ------------------------------------------------------------------------- > stable/6/ r208586 > releng/6.4/ r208586 > stable/7/ r208586 > releng/7.3/ r208586 > releng/7.2/ r208586 > releng/7.1/ r208586 > stable/8/ r208586 > releng/8.0/ r208586 > - ------------------------------------------------------------------------- > > VII. References > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938 > > The latest revision of this advisory is available at > http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (FreeBSD) > > iEYEARECAAYFAkv95R0ACgkQFdaIBMps37KcEwCfXrMzuOs95kBzG822gZYKuCuI > XrsAniMF+cUbTvzbgPpUb4YdoOte7G8X > =BChs > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-announce@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-announce > To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9a34eaba76391cf1481cd27a3aa0ffbd>