Package: kfreebsd5-source Severity: grave Tags: security patch On Fri, Apr 15, 2005 at 01:58:06AM +0000, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================= > FreeBSD-SA-05:04.ifconf Security Advisory > The FreeBSD Project > > Topic: Kernel memory disclosure in ifconf() > > Category: core > Module: sys_net > Announced: 2005-04-15 > Credits: Ilja van Sprundel > Affects: All FreeBSD 4.x releases > All FreeBSD 5.x releases prior to 5.4-RELEASE > Corrected: 2005-04-15 01:51:44 UTC (RELENG_5, 5.4-STABLE) > 2005-04-15 01:52:03 UTC (RELENG_5_4, 5.4-RELEASE) > 2005-04-15 01:52:25 UTC (RELENG_5_3, 5.3-RELEASE-p9) > 2005-04-15 01:52:40 UTC (RELENG_4, 4.11-STABLE) > 2005-04-15 01:52:57 UTC (RELENG_4_11, 4.11-RELEASE-p3) > 2005-04-15 01:53:14 UTC (RELENG_4_10, 4.10-RELEASE-p8) > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit > <URL:http://www.freebsd.org/security/>. > > I. Background > > The SIOCGIFCONF ioctl allows a user process to ask the kernel to produce > a list of the existing network interfaces and copy it into a buffer > provided by the user process. > > II. Problem Description > > In generating the list of network interfaces, the kernel writes into a > portion of a buffer without first zeroing it. As a result, the prior > contents of the buffer will be disclosed to the calling process. > > III. Impact > > Up to 12 bytes of kernel memory may be disclosed to the user process. > Such memory might contain sensitive information, such as portions of > the file cache or terminal buffers. This information might be directly > useful, or it might be leveraged to obtain elevated privileges in some > way. For example, a terminal buffer might include a user-entered > password. > > IV. Workaround > > No known workaround. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the > RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the > correction date. > > 2) To patch your present system: > > The following patches have been verified to apply to FreeBSD 4.10, 4.11, > and 5.3 systems. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > [FreeBSD 4.x] > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf4.patch > # fetch > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf4.patch.asc > > [FreeBSD 5.3] > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf5.patch > # fetch > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf5.patch.asc > > b) Apply the patch. > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile your kernel as described in > <URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the > system. > > VI. Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > Branch Revision > Path > - ------------------------------------------------------------------------- > RELENG_4 > src/sys/net/if.c 1.85.2.29 > RELENG_4_11 > src/UPDATING 1.73.2.91.2.4 > src/sys/conf/newvers.sh 1.44.2.39.2.7 > src/sys/net/if.c 1.85.2.28.2.1 > RELENG_4_10 > src/UPDATING 1.73.2.90.2.9 > src/sys/conf/newvers.sh 1.44.2.34.2.10 > src/sys/net/if.c 1.85.2.25.2.1 > RELENG_5 > src/sys/net/if.c 1.199.2.15 > RELENG_5_4 > src/UPDATING 1.342.2.24.2.3 > src/sys/net/if.c 1.199.2.14.2.1 > RELENG_5_3 > src/UPDATING 1.342.2.13.2.12 > src/sys/conf/newvers.sh 1.62.2.15.2.14 > src/sys/net/if.c 1.199.2.7.2.3 > - ------------------------------------------------------------------------- > > The latest revision of this advisory is available at > ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.0 (FreeBSD) > > iD8DBQFCXx8LFdaIBMps37IRAgEiAKCYfnAMPrVe72OPJMWtzMNrYmlPNgCfXRNe > RYDaRrNgFPGsFWTuVujelco= > =xLuH > -----END PGP SIGNATURE----- > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications > To unsubscribe, send any mail to "[EMAIL PROTECTED]"
-- .''`. Proudly running Debian GNU/kFreeBSD unstable/unreleased (on UFS2+S) : :' : `. `' http://www.debian.org/ports/kfreebsd-gnu `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
