[FreeBSD-Announce] FreeBSD Security Advisory
FreeBSD-SA-10:05.opie
matt
matt at xerq.net
Thu May 27 05:12:14 UTC 2010
There's a typo for the fetch link:
--http://security.freebsd.org/patches/SA-10-05/opie.patch
++http://security.freebsd.org/patches/SA-10:05/opie.patch
-Matt
On Thu, 27 May 2010 03:25:07 GMT, FreeBSD Security Advisories
<security-advisories at freebsd.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
=============================================================================
> FreeBSD-SA-10:05.opie Security
> Advisory
> The FreeBSD
> Project
>
> Topic: OPIE off-by-one stack overflow
>
> Category: contrib
> Module: contrib_opie
> Announced: 2010-05-27
> Credits: Maksymilian Arciemowicz and Adam Zabrocki
> Affects: All supported versions of FreeBSD
> Corrected: 2010-05-27 03:15:04 UTC (RELENG_8, 8.1-PRERELEASE)
> 2010-05-27 03:15:04 UTC (RELENG_8_0, 8.0-RELEASE-p3)
> 2010-05-27 03:15:04 UTC (RELENG_7, 7.3-STABLE)
> 2010-05-27 03:15:04 UTC (RELENG_7_3, 7.3-RELEASE-p1)
> 2010-05-27 03:15:04 UTC (RELENG_7_2, 7.2-RELEASE-p8)
> 2010-05-27 03:15:04 UTC (RELENG_7_1, 7.1-RELEASE-p12)
> 2010-05-27 03:15:04 UTC (RELENG_6, 6.4-STABLE)
> 2010-05-27 03:15:04 UTC (RELENG_6_4, 6.4-RELEASE-p10)
> CVE Name: CVE-2010-1938
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:http://security.FreeBSD.org/>.
>
> I. Background
>
> OPIE is a one-time password system designed to help to secure a system
> against replay attacks. It does so using a secure hash function and a
> challenge/response system.
>
> OPIE is enabled by default on FreeBSD.
>
> II. Problem Description
>
> A programming error in the OPIE library could allow an off-by-one buffer
> overflow to write a single zero byte beyond the end of an on-stack
buffer.
>
> III. Impact
>
> An attacker can remotely crash a service process which uses OPIE when
> stack protector is enabled.
>
> Note that this can happen even if OPIE is not enabled on the system,
> for instance the base system ftpd(8) is affected by this. Depending
> on the design and usage of OPIE, this may either affect only the
> process that handles the user authentication, or cause a Denial of
> Service condition.
>
> It is possible but very unlikely that an attacker could exploit this to
> gain access to a system.
>
> IV. Workaround
>
> No workaround is available, but systems without OPIE capable services
> running are not vulnerable.
>
> V. Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE,
> or to the RELENG_8_0, RELENG_7_3, RELENG_7_2, RELENG_7_1, RELENG_6_4
> security branch dated after the correction date.
>
> 2) To update your vulnerable system via a source code patch:
>
> The following patches have been verified to apply to FreeBSD 6.4,
> 7.1, 7.2, 7.3, and 8.0 systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch http://security.FreeBSD.org/patches/SA-10-05/opie.patch
> # fetch http://security.FreeBSD.org/patches/SA-10-05/opie.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
> # cd /usr/src/lib/libopie
> # make obj && make depend && make && make install
>
> NOTE: On the amd64 platform, the above procedure will not update the
> lib32 (i386 compatibility) libraries. On amd64 systems where the i386
> compatibility libraries are used, the operating system should instead
> be recompiled as described in
> <URL:http://www.FreeBSD.org/handbook/makeworld.html>
>
> 3) To update your vulnerable system via a binary patch:
>
> Systems running 6.4-RELEASE, 7.1-RELEASE, 7.2-RELEASE, 7.3-RELEASE or
> 8.0-RELEASE on the i386 or amd64 platforms can be updated via the
> freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install
>
> VI. Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> CVS:
>
> Branch
Revision
> Path
> -
-------------------------------------------------------------------------
> RELENG_6
> src/contrib/opie/libopie/readrec.c
1.1.1.4.14.1
> RELENG_6_4
> src/UPDATING
1.416.2.40.2.14
> src/sys/conf/newvers.sh
1.69.2.18.2.16
> src/contrib/opie/libopie/readrec.c
1.1.1.4.26.1
> RELENG_7
> src/contrib/opie/libopie/readrec.c
1.2.2.1
> RELENG_7_3
> src/UPDATING
1.507.2.34.2.3
> src/sys/conf/newvers.sh
1.72.2.16.2.5
> src/contrib/opie/libopie/readrec.c
1.2.12.2
> RELENG_7_2
> src/UPDATING
1.507.2.23.2.11
> src/sys/conf/newvers.sh
1.72.2.11.2.12
> src/contrib/opie/libopie/readrec.c
1.2.8.2
> RELENG_7_1
> src/UPDATING
1.507.2.13.2.15
> src/sys/conf/newvers.sh
1.72.2.9.2.16
> src/contrib/opie/libopie/readrec.c
1.2.6.2
> RELENG_8
> src/contrib/opie/libopie/readrec.c
1.2.10.2
> RELENG_8_0
> src/UPDATING
1.632.2.7.2.6
> src/sys/conf/newvers.sh
1.83.2.6.2.6
> src/contrib/opie/libopie/readrec.c
1.2.10.1.2.2
> -
-------------------------------------------------------------------------
>
> Subversion:
>
> Branch/path
Revision
> -
-------------------------------------------------------------------------
> stable/6/
r208586
> releng/6.4/
r208586
> stable/7/
r208586
> releng/7.3/
r208586
> releng/7.2/
r208586
> releng/7.1/
r208586
> stable/8/
r208586
> releng/8.0/
r208586
> -
-------------------------------------------------------------------------
>
> VII. References
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938
>
> The latest revision of this advisory is available at
> http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (FreeBSD)
>
> iEYEARECAAYFAkv95R0ACgkQFdaIBMps37KcEwCfXrMzuOs95kBzG822gZYKuCuI
> XrsAniMF+cUbTvzbgPpUb4YdoOte7G8X
> =BChs
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-announce at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-announce
> To unsubscribe, send any mail to
"freebsd-announce-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list