[FUG-BR] Fw: FreeBSD Security Advisory FreeBSD-SA-07:04.file

Marcio Antunes mantunes.listas em gmail.com
Quarta Maio 23 14:27:13 BRT 2007


Aproveitando ..

Se eu baixar o FreeBSD da pagina oficial, ele ja vem com essa correção ou não..

Márcio

2007/5/23, irado furioso com tudo <irado at hotpop.com>:
>
> bem.. se todo mundo já souber, esqueçam e desculpem
>
>
> Iníciando encaminhamento de mensagem:
>
> Data: Wed, 23 May 2007 16:19:55 GMT
> De: FreeBSD Security Advisories <security-advisories at freebsd.org>
> Para: Bugtraq <bugtraq at securityfocus.com>
> Assunto: FreeBSD Security Advisory FreeBSD-SA-07:04.file
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =============================================================================
> FreeBSD-SA-07:04.file                                       Security
> Advisory The FreeBSD Project
>
> Topic:          Heap overflow in file(1)
>
> Category:       contrib
> Module:         file
> Announced:      2007-05-23
> Affects:        All FreeBSD releases.
> Corrected:      2007-05-23 16:12:51 UTC (RELENG_6, 6.2-STABLE)
>                 2007-05-23 16:13:07 UTC (RELENG_6_2, 6.2-RELEASE-p5)
>                 2007-05-23 16:13:20 UTC (RELENG_6_1, 6.1-RELEASE-p17)
>                 2007-05-23 16:12:10 UTC (RELENG_5, 5.5-STABLE)
>                 2007-05-23 16:12:35 UTC (RELENG_5_5, 5.5-RELEASE-p13)
> CVE Name:       CVE-2007-1536
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:http://security.FreeBSD.org/>.
>
> I.   Background
>
> The file(1) utility attempts to classify file system objects based on
> filesystem, magic number and language tests.
>
> The libmagic(3) library provides most of the functionality of file(1)
> and may be used by other applications.
>
> II.  Problem Description
>
> When writing data into a buffer in the file_printf function, the length
> of the unused portion of the buffer is not correctly tracked, resulting
> in a buffer overflow when processing certain files.
>
> III. Impact
>
> An attacker who can cause file(1) to be run on a maliciously constructed
> input can cause file(1) to crash.  It may be possible for such an
> attacker to execute arbitrary code with the privileges of the user
> running file(1).
>
> The above also applies to any other applications using the libmagic(3)
> library.
>
> IV.  Workaround
>
> No workaround is available, but systems where file(1) and other
> libmagic(3)-using applications are never run on untrusted input are not
> vulnerable.
>
> V.   Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
> RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
> correction date.
>
> 2) To patch your present system:
>
> The following patches have been verified to apply to FreeBSD 5.5, 6.1,
> and 6.2 systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD 5.5]
> # fetch http://security.FreeBSD.org/patches/SA-07:04/file5.patch
> # fetch http://security.FreeBSD.org/patches/SA-07:04/file5.patch.asc
>
> [FreeBSD 6.1 and 6.2]
> # fetch http://security.FreeBSD.org/patches/SA-07:04/file6.patch
> # fetch http://security.FreeBSD.org/patches/SA-07:04/file6.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
> # cd /usr/src/lib/libmagic
> # make obj && make depend && make && make install
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Branch
> Revision Path
> -
> -------------------------------------------------------------------------
> RELENG_5 src/contrib/file/file.h
> 1.1.1.7.2.1 src/contrib/file/funcs.c
> 1.1.1.1.2.1 src/contrib/file/magic.c
> 1.1.1.1.2.1 RELENG_5_5
>   src/UPDATING
> 1.342.2.35.2.13
> src/sys/conf/newvers.sh                                  1.62.2.21.2.15
> src/contrib/file/file.h                                     1.1.1.7.8.1
> src/contrib/file/funcs.c                                    1.1.1.1.8.1
> src/contrib/file/magic.c                                    1.1.1.1.8.1
> RELENG_6 src/contrib/file/file.h
> 1.1.1.8.2.1 src/contrib/file/funcs.c
> 1.1.1.2.2.1 src/contrib/file/magic.c
> 1.1.1.2.2.1 RELENG_6_2
>   src/UPDATING
> 1.416.2.29.2.8
> src/sys/conf/newvers.sh                                   1.69.2.13.2.8
> src/contrib/file/file.h                                     1.1.1.8.8.1
> src/contrib/file/funcs.c                                    1.1.1.2.8.1
> src/contrib/file/magic.c                                    1.1.1.2.8.1
> RELENG_6_1 src/UPDATING
> 1.416.2.22.2.19
> src/sys/conf/newvers.sh                                  1.69.2.11.2.19
> src/contrib/file/file.h                                     1.1.1.8.6.1
> src/contrib/file/funcs.c                                    1.1.1.2.6.1
> src/contrib/file/magic.c                                    1.1.1.2.6.1
> -
> -------------------------------------------------------------------------
>
> VII. References
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
>
> The latest revision of this advisory is available at
> http://security.FreeBSD.org/advisories/FreeBSD-SA-07:04.file.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (FreeBSD)
>
> iD8DBQFGVGjhFdaIBMps37IRAgogAJ9o/0yCxtRi527rgvhg/BoC/AvEsQCfcwMX
> ABl7JIb1XiY6QKWQ6UfwlGA=
> =meQ0
> -----END PGP SIGNATURE-----
>
>
> --
> saudações,
> irado furioso com tudo
> Linux User 179402/FreeBSD BSD50853/FUG-BR 154
> Não uso drogas - 100% Miko$hit-free
> Tudo o que Existe egressa do Ser e regressa ao Ser. O Ser é o
> Insondável Tao. Das profundezas do Ser nascem todos os seres que
> existem. O Ser, porém, é o abismo do Não-Existir.
> -------------------------
> Histórico: http://www.fug.com.br/historico/html/freebsd/
> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>


Mais detalhes sobre a lista de discussão freebsd