[FUGSPBR] Fw: FreeBSD Security Advisory FreeBSD-SA-03:05.xdr
Sp0oKeR Labs
spooker em spooker.com.br
Qui Mar 20 14:07:28 BRT 2003
----- Original Message -----
From: "FreeBSD Security Advisories" <security-advisories em freebsd.org>
To: "Bugtraq" <bugtraq em securityfocus.com>
Sent: Thursday, March 20, 2003 1:10 PM
Subject: FreeBSD Security Advisory FreeBSD-SA-03:05.xdr
> E-mail Premium BOL
> Antivírus, anti-spam e até 100 MB de espaço. Assine já!
> http://email.bol.com.br/
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
============================================================================
=
> FreeBSD-SA-03:05.xdr Security
Advisory
> The FreeBSD
Project
>
> Topic: remote denial-of-service in XDR encoder/decoder
>
> Category: core
> Module: libc
> Announced: 2003-03-20
> Credits: Riley Hassell, eEye
> Todd Miller <millert em OpenBSD.org>
> Affects: All releases of FreeBSD prior to 4.6-RELEASE-p11,
> 4.7-RELEASE-p8, 4.8-RELEASE and 5.0-RELEASE-p5
> Corrected: 2003-03-20 12:59:55 UTC (RELENG_4)
> 2003-03-20 13:05:04 UTC (RELENG_4_6)
> 2003-03-20 13:05:27 UTC (RELENG_4_7)
> 2003-03-20 13:04:46 UTC (RELENG_5_0)
> FreeBSD only: NO
>
> I. Background
>
> XDR (eXternal Data Representation) is a standard developed by Sun
> Microsystems for platform-independent encoding of data types. It is
> widely used by the Sun RPC (Remote Procedure Call) protocol and other
> protocols. FreeBSD's standard C library includes routines for encoding
> and decoding XDR, derived from a library originally distributed by
> Sun Microsystems.
>
> II. Problem Description
>
> The xdrmem XDR stream object does incorrect bounds-checking. An
> internal variable used for tracking bounds is a signed integer.
> Bounds-checking is performed by subtracting the object length from
> this signed integer, and then testing for a negative result. However,
> if the object length is sufficiently large, the internal variable will
> wrap and the result will be positive.
>
> III. Impact
>
> For some operations on the xdrmem XDR stream object, the
> bounds-checking is followed by a memory copy. If the bounds-checking
> error is exploited, then the memory copy will operate on a huge region
> of memory, resulting in a segmentation violation. Thus, it may be
> possible for an attacker to send maliciously formatted messages to a
> service which utilizes the xdrmem XDR stream object and cause a
> denial-of-service.
>
> IV. Workaround
>
> None known.
>
> V. Solution
>
> Do one of the following:
>
> 1) Upgrade your vulnerable system to the FreeBSD 4-STABLE branch; or
> to the RELENG_4_7 (4.7-RELEASE-p8), RELENG_4_6 (4.6-RELEASE-p11), or
> RELENG_5_0 (5.0-RELEASE-p5) security branch dated after the correction
> date.
>
> 2) To patch your present system:
>
> The following patch has been verified to apply to FreeBSD 4.6, and 4.7
> systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:05/xdr-4.patch
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:05/xdr-4.patch.asc
>
> The following patch has been verified to apply to FreeBSD 5.0 systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:05/xdr-5.patch
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:05/xdr-5.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile the operating system as described in
> <URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
>
> Note that any statically linked applications that are not part of
> the base system (i.e. from the Ports Collection or other 3rd-party
> sources) must be recompiled.
>
> All affected applications must be restarted for them to use the
> corrected library. Though not required, rebooting may be the easiest
> way to accomplish this.
>
> VI. Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Branch Revision
> Path
> - ------------------------------------------------------------------------
-
> RELENG_4
> src/include/rpc/xdr.h 1.14.2.1
> src/lib/libc/xdr/xdr_mem.c 1.8.2.1
> RELENG_4_6
> src/UPDATING 1.73.2.68.2.38
> src/include/rpc/xdr.h 1.14.10.1
> src/lib/libc/xdr/xdr_mem.c 1.8.10.1
> src/sys/conf/newvers.sh 1.44.2.23.2.28
> RELENG_4_7
> src/UPDATING 1.73.2.74.2.10
> src/include/rpc/xdr.h 1.14.12.1
> src/lib/libc/xdr/xdr_mem.c 1.8.12.1
> src/sys/conf/newvers.sh 1.44.2.26.2.10
> RELENG_5_0
> src/UPDATING 1.229.2.10
> src/include/rpc/xdr.h 1.21.2.1
> src/lib/libc/xdr/xdr_mem.c 1.11.2.1
> src/sys/conf/newvers.sh 1.48.2.6
> - ------------------------------------------------------------------------
-
>
> VII. References
>
> <URL: http://www.cert.org/advisories/CA-2003-10.html >
> <URL: http://www.eeye.com/html/Research/Advisories/AD20030318.html >
> <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0028 >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.0 (FreeBSD)
> Comment: FreeBSD: The Power To Serve
>
> iD8DBQE+eb5xFdaIBMps37IRAiG+AJ4yWC/mnLQJAinaxAgt/CfvHY2wrQCfeaCR
> W5v39BKPf1fGIK5T3/Rwcp8=
> =MXpP
> -----END PGP SIGNATURE-----
>
---
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.463 / Virus Database: 262 - Release Date: 17/3/2003
_______________________________________________________________
Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/
Mais detalhes sobre a lista de discussão freebsd