[FUGSPBR] Falha no Free fornece acesso remoto
Luis Vitorio Cargnini
lvcargnini em telenova.net
Sex Ago 9 08:05:36 BRT 2002
Isso e um falahoa do nivel de apresentacao do RPC e ja e conhecido faz
algum tempo isso e afeta todos os sistemaS que usarem nfs baseado no
mopdelo da Sun
On Fri, 2002-08-09 at 13:25, sandro luiz silva wrote:
>
> ---------- Forwarded Message -----------
> From: "sandro luiz silva" <sandro em cacer.com.br>
> To: "lista fugsbr" <fugspbr em fugspbr.org>
> Sent: Fri, 9 Aug 2002 10:15:35 -0300
> Subject: OFF Topic Falha no Free fornece acesso remoto
>
> Noticias retirados do site infoexame
>
> TI
> Bug afeta Windows, Linux e Mac OS e FreeBSD
> Uma falha de segurança localizada numa biblioteca chamada XDR afeta diversos
> sistemas operacionais, incluindo Windows, Linux, Mac OS e Solaris.
>
> Acessem também
>
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:34.rpc.asc
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> =============================================================================
> FreeBSD-SA-02:34.rpc Security Advisory
> The FreeBSD Project
>
> Topic: Sun RPC XDR decoder contains buffer overflow
>
> Category: core
> Module: libc
> Announced: 2002-08-01
> Credits: ISS X-Force
> Affects: All releases of FreeBSD up to and including 4.6.1-RELEASE-p5
> Corrected: 2002-08-01 12:23:20 UTC (RELENG_4)
> 2002-08-01 12:23:40 UTC (RELENG_4_6)
> 2002-08-01 12:23:58 UTC (RELENG_4_5)
> 2002-08-01 12:24:20 UTC (RELENG_4_4)
> FreeBSD only: NO
>
> 0. Revision History
>
> v1.0 2002-07-31 Initial release
> v1.1 2002-08-01 Corrected patch
>
> I. Background
>
> Sun RPC is a remote procedure call framework which allows clients
> to invoke procedures in a server process over a network somewhat
> transparently. XDR is a mechanism for encoding data structures for
> use with RPC. NFS, NIS, and many other network services are built
> upon Sun RPC.
>
> The FreeBSD C runtime library (libc) contains an XDR encoder/decoder
> derived from Sun's RPC implementation.
>
> II. Problem Description
>
> An error in the calculation of memory needed for unpacking arrays in
> the XDR decoder can result in a heap buffer overflow.
>
> III. Impact
>
> Any application using Sun RPC may be vulnerable to the heap buffer
> overflow. Depending upon the application, this vulnerability may be
> exploitable and lead to arbitrary code execution.
>
> Though no exploits are known to exist currently, many RPC-based
> services run as the superuser (such as NFS, the NIS server, rpc.statd,
> and others) and thus this vulnerability should be considered
> high-risk.
>
> No RPC-based services are enabled by default in FreeBSD installations.
>
> IV. Workaround
>
> Do not run any RPC-based services. The RPC-based services running
> on a machine may be determined by:
>
> # rpcinfo -p <hostname>
>
> To disable any RPC-based services at next boot, add (or change if it
> is already present) the following lines in /etc/rc.conf:
>
> portmap_enable="NO"
> nfs_client_enable="NO"
> nfs_server_enable="NO"
> nis_client_enable="NO"
> nis_server_enable="NO"
>
> V. Solution
>
> Do one of the following:
>
> 1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6,
> RELENG_4_5, or RELENG_4_4 security branch dated after the correction
> date (4.6.1-RELEASE-p6, 4.5-RELEASE-p15, or 4.4-RELEASE-p22).
>
> 2) To patch your present system:
>
> The following patch has been verified to apply to FreeBSD 4.4, 4.5,
> and 4.6 systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:34/rpc.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:34/rpc.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile the operating system as described in
> <URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
>
> Note that any statically linked applications that are not part of
> the base system (i.e. from the Ports Collection or other 3rd-party
> sources) must be recompiled if they use Sun RPC.
>
> All affected applications must be restarted in order to use the
> corrected library. Though it is not required, rebooting may be the
> easiest way to accomplish this.
>
> VI. Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Path Revision
> Branch
> - -------------------------------------------------------------------------
> src/lib/libc/xdr/xdr_array.c
> RELENG_4 1.8.2.3
> RELENG_4_6 1.8.10.4
> RELENG_4_5 1.8.8.3
> RELENG_4_4 1.8.6.3
> src/sys/conf/newvers.sh
> RELENG_4_6 1.44.2.23.2.11
> RELENG_4_5 1.44.2.20.2.16
> RELENG_4_4 1.44.2.17.2.21
> - -------------------------------------------------------------------------
>
> VII. References
>
> <URL:http://online.securityfocus.com/archive/1/285308>
> <URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (FreeBSD)
>
> iQCVAwUBPUkpkFUuHi5z0oilAQF7TQP9H50V3qUsZcWC5nemnMO9CL+QBmIuuGkE
> C7p3mBxcH6mS5EmUU4zFOum4QSaEh9J47I7CGcS+sNg7JN5lfK1oSwsE9JidbZz4
> kx9cQrx+rppQuQyK9tK4TXVXz0PiUdZMs3vgytJDuAOu38bg3ttUd4jhTIKHnLGh
> NMjQMH2vNUk=
> =yP62
> -----END PGP SIGNATURE-----
>
> ----
> Sandro Luiz Silva
> Analista de Sistema
> Fone: 047 9952-4876
> ------- End of Forwarded Message -------
>
>
> ----
> Sandro Luiz Silva
> Analista de Sistema
> Fone: 047 9952-4876
> ________________________________________________
> Para sair da lista visite o URL abaixo:
> http://www2.fugspbr.org/mailman/listinfo/fugspbr
>
--
Thanks && Regards
Luís Vitório Cargnini
TRDC - Telenova Communications Corp.
-------------- Próxima Parte ----------
Um anexo não-texto foi limpo...
Nome: signature.asc
Tipo: application/pgp-signature
Tamanho: 187 bytes
Descrição: This is a digitally signed message part
URL: <http://www.fug.com.br/pipermail/freebsd/attachments/20020809/41594c31/attachment.bin>
Mais detalhes sobre a lista de discussão freebsd