[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7AFC97D8-44B9-11D9-A332-000D9359BF58@ns.sympatico.ca>
From: daygl0 at ns.sympatico.ca (Danny)
Subject: Re: Full-Disclosure digest, Vol 1 #2093 - 36 msgs
There is a security update, I just noticed it.
Security Update 2004-12-02 delivers a number of security enhancements
and is recommended for all Macintosh users. This update includes the
following components:
Apache
AppKit
HIToolbox
Kerberos
Postfix
PSNormalizer
Safari
Terminal
For detailed information on this Update, please visit this website:
http://www.info.apple.com/kbnum/n61798
On 2-Dec-04, at 3:32 PM, Randall Craig wrote:
> On Thu, 2 Dec 2004 10:58:02 -0600, Randall Craig <rgcraig@...il.com>
> wrote:
> Ok I am super duper new to this list and also new to *nix... i will
> never go back to M$ ceptin for gaming purposes... I am running on OS
> X.3.3 and was wanting to know if the Security Alert pertaining to
> FreeBSD would also affect my system. I know that BSD is running
> underneath OS X... I am fairly sure that Apple is aware of it by
> now-.
> thnx
>
> n0 r3m0r53
>
> ###############
>
> FreeBSD-SA-04:17.procfs ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Security
> Advisory
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?The FreeBSD
> Project
>
> Topic: ? ? ? ? ?Kernel memory disclosure in procfs and linprocfs
>
> Category: ? ? ? core
> Module: ? ? ? ? sys
> Announced: ? ? ?2004-12-01
> Credits: ? ? ? ?Bryan Fulton, Ted Unangst, and the SWAT analysis tool
> ? ? ? ? ? ? ? ?Coverity, Inc.
> Affects: ? ? ? ?All FreeBSD releases
> Corrected: ? ? ?2004-12-01 21:33:35 UTC (RELENG_5, 5.3-STABLE)
> ? ? ? ? ? ? ? ?2004-12-01 21:34:23 UTC (RELENG_5_3, 5.3-RELEASE-p2)
> ? ? ? ? ? ? ? ?2004-12-01 21:34:43 UTC (RELENG_5_2, 5.2.1-RELEASE-p13)
> ? ? ? ? ? ? ? ?2004-12-01 21:33:57 UTC (RELENG_4, 4.10-STABLE)
> ? ? ? ? ? ? ? ?2004-12-01 21:35:10 UTC (RELENG_4_10, 4.10-RELEASE-p5)
> ? ? ? ? ? ? ? ?2004-12-01 21:35:57 UTC (RELENG_4_8, 4.8-RELEASE-p27)
> CVE Name: ? ? ? CAN-2004-1066
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit
> <URL:http://www.freebsd.org/security/>.
>
> I. ? Background
>
> The process file system, procfs(5), implements a view of the system
> process table inside the file system. ?It is normally mounted on
> /proc, and is required for the complete operation of programs such as
> ps(1) and w(1).
>
> The Linux process file system, linprocfs(5), emulates a subset of
> Linux's process file system and is required for the complete operation
> of some Linux binaries.
>
> II. ?Problem Description
>
> The implementation of the /proc/curproc/cmdline pseudofile in the
> procfs(5)
> file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline
> pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a
> process'
> argument vector from the process address space. ?During this operation,
> a pointer was dereferenced directly without the necessary validation
> steps being performed.
>
> III. Impact
>
> A malicious local user could perform a local denial of service attack
> by
> causing a system panic; or he could read parts of kernel memory. ?Such
> memory might contain sensitive information, such as portions of the
> file
> cache or terminal buffers. ?This information might be directly useful,
> or
> it might be leveraged to obtain elevated privileges in some way. ?For
> example, a terminal buffer might contain a user-entered password.
>
> FreeBSD 4.x does not implement the /proc/self/cmdline pseudofile in
> its linprocfs(5) file system, and is therefore only affected if the
> procfs(5) file system is mounted.
>
> In its default configuration, FreeBSD 5.x does not utilize procfs(5)
> or linprocfs(5) and will therefore be unaffected by this vulnerability
> unless the configuration is changed.
>
> IV. ?Workaround
>
> Unmount the procfs and linprocfs file systems if they are mounted.
> Execute the following command as root:
>
> ?umount -A -t procfs,linprocfs
>
> Also, remove or comment out any lines in fstab(5) that reference
> `procfs' or `linprocfs', so that they will not be re-mounted at next
> reboot.
>
> V. ? Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
> RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch
> dated
> after the correction date.
>
> 2) To patch your present system:
>
> The following patches have been verified to apply to FreeBSD 4.8, 4.10,
> 5.2, and 5.3 systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD 4.x]
> # fetch
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs4.patch
> # fetch
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/
> procfs4.patch.asc
>
> [FreeBSD 5.x]
> # fetch
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs5.patch
> # fetch
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/
> procfs5.patch.asc
>
> b) Apply the patch.
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> <URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
> system.
>
> VI. ?Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Branch ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> Revision
> ?Path
> -
> -----------------------------------------------------------------------
> --
> RELENG_4
> ?src/sys/miscfs/procfs/procfs_status.c ? ? ? ? ? ? ? ? ? ? ? ?
> ?1.20.2.6
> RELENG_4_10
> ?src/UPDATING ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> ?1.73.2.90.2.6
> ?src/sys/conf/newvers.sh ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> 1.44.2.34.2.7
> ?src/sys/miscfs/procfs/procfs_status.c ? ? ? ? ? ? ? ? ? ?
> ?1.20.2.5.4.1
> RELENG_4_8
> ?src/UPDATING ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> 1.73.2.80.2.30
> ?src/sys/conf/newvers.sh ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> ?1.44.2.29.2.28
> ?src/sys/miscfs/procfs/procfs_status.c ? ? ? ? ? ? ? ? ? ?
> ?1.20.2.4.8.2
> RELENG_5
> ?src/sys/compat/linprocfs/linprocfs.c ? ? ? ? ? ? ? ? ? ? ? ? ?
> 1.84.2.1
> ?src/sys/fs/procfs/procfs_status.c ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> ?1.52.2.1
> RELENG_5_3
> ?src/UPDATING ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> 1.342.2.13.2.5
> ?src/sys/compat/linprocfs/linprocfs.c ? ? ? ? ? ? ? ? ? ? ? ? ?
> 1.84.4.1
> ?src/sys/conf/newvers.sh ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> 1.62.2.15.2.7
> ?src/sys/fs/procfs/procfs_status.c ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> ?1.52.4.1
> RELENG_5_2
> ?src/UPDATING ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> 1.282.2.21
> ?src/sys/compat/linprocfs/linprocfs.c ? ? ? ? ? ? ? ? ? ? ? ? ?
> 1.78.2.1
> ?src/sys/conf/newvers.sh ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> 1.56.2.20
> ?src/sys/fs/procfs/procfs_status.c ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> ?1.49.2.1
>
>
> ###############
> --
>
>
> R__|____|| C____
> |
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 7024 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041202/740ca10d/attachment.bin
Powered by blists - more mailing lists