[FUGSPBR] Fw: FreeBSD Security Advisory FreeBSD-SA-02:38.signed-error

Capriotti capriotti em portal7.com.br
Seg Ago 19 19:19:28 BRT 2002 

Gente:

Acho que o pessoal esqueceu de incluir o grua de vulnerabilidade interna e 
externa.

Acho que só pessoas que têm acesso "local", como usuário shell na máquina 
podem explorar esse bug. Estou correto ?


At 12:14 PM 8/19/2002, you wrote:


> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> >
>============================================================================
>=
> > FreeBSD-SA-02:38.signed-error                               Security
>Advisory
> >                                                           The FreeBSD
>Project
> >
> > Topic:          Boundary checking errors involving signed integers
> >
> > Category:       core
> > Module:         sys
> > Announced:      2002-08-19
> > Credits:        Silvio Cesare <silvio em qualys.com>
> > Affects:        All releases of FreeBSD up to and including
>4.6.1-RELEASE-p10
> > Corrected:      2002-08-13 02:42:32 UTC (RELENG_4)
> >                 2002-08-13 12:12:36 UTC (RELENG_4_6)
> >                 2002-08-13 12:13:05 UTC (RELENG_4_5)
> >                 2002-08-13 12:13:49 UTC (RELENG_4_4)
> > FreeBSD only:   YES
> >
> > I.   Background
> >
> > The issue described in this advisory affects the accept(2),
> > getsockname(2), and getpeername(2) system calls, and the vesa(4)
> > FBIO_GETPALETTE ioctl(2).
> >
> > II.  Problem Description
> >
> > A few system calls were identified that contained assumptions that
> > a given argument was always a positive integer, while in fact the
> > argument was handled as a signed integer.  As a result, the boundary
> > checking code would fail if the system call were entered with a
> > negative argument.
> >
> > III. Impact
> >
> > The affected system calls could be called with large negative
> > arguments, causing the kernel to return a large portion of kernel
> > memory.  Such memory might contain sensitive information, such as
> > portions of the file cache or terminal buffers.  This information
> > might be directly useful, or it might be leveraged to obtain elevated
> > privileges in some way.  For example, a terminal buffer might include
> > a user-entered password.
> >
> > IV.  Workaround
> >
> > None.
> >
> > V.   Solution
> >
> > 1) Upgrade your vulnerable system to 4.6.2-RELEASE or 4.6-STABLE;
> > or to any of the RELENG_4_6 (4.6.1-RELEASE-p11), RELENG_4_5
> > (4.5-RELEASE-p19), or RELENG_4_4 (4.4-RELEASE-p26) security branches
> > dated after the respective correction dates.
> >
> > 2) To patch your present system:
> >
> > a) Download the relevant patch from the location below, and verify the
> > detached PGP signature using your PGP utility.  The following patch
> > has been tested to apply to all FreeBSD 4.x releases.
> >
> > # fetch
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:38/signed-error.patch
> > # fetch
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:38/signed-error.patch.a
>sc
> >
> > b) Apply the patch.
> >
> > # cd /usr/src
> > # patch < /path/to/patch
> >
> > c) Recompile your kernel as described in
> > <URL:http://www.freebsd.org/handbook/kernelconfig.html>
> > and reboot the system.
> >
> > VI.  Correction details
> >
> > The following list contains the revision numbers of each file that was
> > corrected in FreeBSD.
> >
> > Path                                                             Revision
> >   Branch
> > - ------------------------------------------------------------------------
>-
> > src/sys/i386/isa/vesa.c
> >   RELENG_4                                                       1.32.2.1
> >   RELENG_4_6                                                    1.32.10.1
> >   RELENG_4_5                                                     1.32.8.1
> >   RELENG_4_4                                                     1.32.6.1
> > src/sys/kern/uipc_syscalls.c
> >   RELENG_4                                                      1.65.2.12
> >   RELENG_4_6                                                 1.65.2.9.6.1
> >   RELENG_4_5                                                 1.65.2.9.4.1
> >   RELENG_4_4                                                 1.65.2.9.2.1
> > src/sys/conf/newvers.sh
> >   RELENG_4_6                                               1.44.2.23.2.16
> >   RELENG_4_5                                               1.44.2.20.2.20
> >   RELENG_4_4                                               1.44.2.17.2.25
> > - ------------------------------------------------------------------------
>-
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.7 (FreeBSD)
> >
> > iQCVAwUBPWDpxFUuHi5z0oilAQHCWgP+PmomqbDBiBHKG6JWrx8Kz8M6gnrg4omw
> > w/vH5uK2lHGL6ZGecwvhJOTbV4bKXt1C1dKoUyA7WH7l9nQi+1CrZwT/D5mkteU+
> > XEqtNfRhiaDokj/5I8MA0OM80+jryeAimxYDEi2vm315RIOMeR/sdP7m7H2vl9cZ
> > V8rt/2zD2wc=
> > =LpMd
> > -----END PGP SIGNATURE-----
> >
>
>________________________________________________
>Para sair da lista visite o URL abaixo:
>http://www2.fugspbr.org/mailman/listinfo/fugspbr

________________________________________________
Para sair da lista visite o URL abaixo:
http://www2.fugspbr.org/mailman/listinfo/fugspbr

Mais detalhes sobre a lista de discussão freebsd