kern/188432: MITM attacks against portsnap mirrors (pmirror.sh)
David Noel
david.i.noel at gmail.com
Thu Apr 10 16:30:01 UTC 2014
>Number: 188432
>Category: kern
>Synopsis: MITM attacks against portsnap mirrors (pmirror.sh)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 10 16:30:01 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: David Noel
>Release: 9.2
>Organization:
>Environment:
>Description:
The portsnap mirroring script pmirror.sh lacks of any sort of mechanism to verify fetched data prior to processing and mirroring it. Without this, mirrors are open to compromise via decompression library exploitation. It also means an attacker could feed a mirror a corrupt archive, opening users of that mirror to compromise.
>How-To-Repeat:
>Fix:
Solution summary: The addition of hashes and hash verification code to pmirror.sh.
The lines of concern in pmirror.sh are 99-103, 121-125, 138-149, and 153-157.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list