[FUGSPBR] Fw: FreeBSD Security Advisory FreeBSD-SA-02:38.signed-error
Carlos Augusto Silva
carlos em tvcultura.com.br
Seg Ago 19 12:14:33 BRT 2002
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
============================================================================
=
> FreeBSD-SA-02:38.signed-error Security
Advisory
> The FreeBSD
Project
>
> Topic: Boundary checking errors involving signed integers
>
> Category: core
> Module: sys
> Announced: 2002-08-19
> Credits: Silvio Cesare <silvio em qualys.com>
> Affects: All releases of FreeBSD up to and including
4.6.1-RELEASE-p10
> Corrected: 2002-08-13 02:42:32 UTC (RELENG_4)
> 2002-08-13 12:12:36 UTC (RELENG_4_6)
> 2002-08-13 12:13:05 UTC (RELENG_4_5)
> 2002-08-13 12:13:49 UTC (RELENG_4_4)
> FreeBSD only: YES
>
> I. Background
>
> The issue described in this advisory affects the accept(2),
> getsockname(2), and getpeername(2) system calls, and the vesa(4)
> FBIO_GETPALETTE ioctl(2).
>
> II. Problem Description
>
> A few system calls were identified that contained assumptions that
> a given argument was always a positive integer, while in fact the
> argument was handled as a signed integer. As a result, the boundary
> checking code would fail if the system call were entered with a
> negative argument.
>
> III. Impact
>
> The affected system calls could be called with large negative
> arguments, causing the kernel to return a large portion of kernel
> memory. Such memory might contain sensitive information, such as
> portions of the file cache or terminal buffers. This information
> might be directly useful, or it might be leveraged to obtain elevated
> privileges in some way. For example, a terminal buffer might include
> a user-entered password.
>
> IV. Workaround
>
> None.
>
> V. Solution
>
> 1) Upgrade your vulnerable system to 4.6.2-RELEASE or 4.6-STABLE;
> or to any of the RELENG_4_6 (4.6.1-RELEASE-p11), RELENG_4_5
> (4.5-RELEASE-p19), or RELENG_4_4 (4.4-RELEASE-p26) security branches
> dated after the respective correction dates.
>
> 2) To patch your present system:
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility. The following patch
> has been tested to apply to all FreeBSD 4.x releases.
>
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:38/signed-error.patch
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:38/signed-error.patch.a
sc
>
> b) Apply the patch.
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> <URL:http://www.freebsd.org/handbook/kernelconfig.html>
> and reboot the system.
>
> VI. Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Path Revision
> Branch
> - ------------------------------------------------------------------------
-
> src/sys/i386/isa/vesa.c
> RELENG_4 1.32.2.1
> RELENG_4_6 1.32.10.1
> RELENG_4_5 1.32.8.1
> RELENG_4_4 1.32.6.1
> src/sys/kern/uipc_syscalls.c
> RELENG_4 1.65.2.12
> RELENG_4_6 1.65.2.9.6.1
> RELENG_4_5 1.65.2.9.4.1
> RELENG_4_4 1.65.2.9.2.1
> src/sys/conf/newvers.sh
> RELENG_4_6 1.44.2.23.2.16
> RELENG_4_5 1.44.2.20.2.20
> RELENG_4_4 1.44.2.17.2.25
> - ------------------------------------------------------------------------
-
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (FreeBSD)
>
> iQCVAwUBPWDpxFUuHi5z0oilAQHCWgP+PmomqbDBiBHKG6JWrx8Kz8M6gnrg4omw
> w/vH5uK2lHGL6ZGecwvhJOTbV4bKXt1C1dKoUyA7WH7l9nQi+1CrZwT/D5mkteU+
> XEqtNfRhiaDokj/5I8MA0OM80+jryeAimxYDEi2vm315RIOMeR/sdP7m7H2vl9cZ
> V8rt/2zD2wc=
> =LpMd
> -----END PGP SIGNATURE-----
>
________________________________________________
Para sair da lista visite o URL abaixo:
http://www2.fugspbr.org/mailman/listinfo/fugspbr
Mais detalhes sobre a lista de discussão freebsd