svn commit: r41521 - head/share/security/advisories
Dag-Erling Smørgrav
des at FreeBSD.org
Mon Apr 29 21:56:03 UTC 2013
Author: des
Date: Mon Apr 29 21:56:02 2013
New Revision: 41521
URL: http://svnweb.freebsd.org/changeset/doc/41521
Log:
Revised advisory.
Modified:
head/share/security/advisories/FreeBSD-SA-13:05.nfsserver.asc
Modified: head/share/security/advisories/FreeBSD-SA-13:05.nfsserver.asc
==============================================================================
--- head/share/security/advisories/FreeBSD-SA-13:05.nfsserver.asc Mon Apr 29 21:24:50 2013 (r41520)
+++ head/share/security/advisories/FreeBSD-SA-13:05.nfsserver.asc Mon Apr 29 21:56:02 2013 (r41521)
@@ -10,20 +10,27 @@ Topic: Insufficient input valid
Category: core
Module: nfsserver
Announced: 2013-04-29
+Revised: 2013-04-29
Credits: Adam Nowacki
Affects: All supported versions of FreeBSD.
-Corrected: 2013-04-29 20:15:43 UTC (stable/8, 8.4-PRERELEASE)
- 2013-04-29 20:15:47 UTC (releng/8.3, 8.3-RELEASE-p8)
- 2013-04-29 20:16:25 UTC (releng/8.4, 8.4-RC1-p1)
- 2013-04-29 20:16:25 UTC (releng/8.4, 8.4-RC2-p1)
- 2013-04-29 20:15:55 UTC (stable/9, 9.1-STABLE)
- 2013-04-29 20:16:00 UTC (releng/9.1, 9.1-RELEASE-p3)
+Corrected: 2013-04-29 21:10:49 UTC (stable/8, 8.4-PRERELEASE)
+ 2013-04-29 21:10:53 UTC (releng/8.3, 8.3-RELEASE-p8)
+ 2013-04-29 21:11:31 UTC (releng/8.4, 8.4-RC1-p1)
+ 2013-04-29 21:11:31 UTC (releng/8.4, 8.4-RC2-p1)
+ 2013-04-29 21:11:01 UTC (stable/9, 9.1-STABLE)
+ 2013-04-29 21:11:05 UTC (releng/9.1, 9.1-RELEASE-p3)
CVE Name: CVE-2013-3266
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
+0. Revision History
+
+v1.0 2013-04-29 Initial release.
+v1.1 2013-04-29 Corrected patch URL.
+ Additional workaround information.
+
I. Background
The Network File System (NFS) allows a host to export some or all of its
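Review bot: The v1.1 entry in the new "0. Revision History" section lists only "Corrected patch URL." and "Additional workaround information.", but this hunk also moves every Corrected: timestamp from 20:15-20:16 UTC to 21:10-21:11 UTC. Add a line to the v1.1 entry recording that the correction timestamps changed and why, so a reader comparing against v1.0 does not have to diff the header fields to notice it.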
@@ -75,6 +82,23 @@ following command:
This will print 1 if the system is running the new NFS implementation,
and 0 otherwise.
+To switch to the old NFS implementation:
+
+1) Append the following lines to /etc/rc.conf:
+
+ nfsv4_server_enable="no"
+ oldnfs_server_enable="yes"
+
+2) If the NFS server is compiled into the kernel (which is the case
+ for the stock GENERIC kernel), replace the NFSD option with the
+ NFSSERVER option, then recompile your kernel as described in
+ <URL:http://www.FreeBSD.org/handbook/kernelconfig.html>.
+
+ If the NFS server is not compiled into the kernel, the correct
+ module will be loaded at boot time.
+
+3) Finally, reboot the system.
+
V. Solution
Perform one of the following:
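Review bot: The added workaround stops at step 3 (reboot) and never tells the administrator to confirm the switch took effect. The context line just above it says the check command prints 1 for the new NFS implementation and 0 otherwise; add a step 4 that re-runs that command after the reboot and expects 0. Step 2 would also be easier to follow if it showed the kernel configuration line being changed, since it names the NFSD and NFSSERVER options without showing them in place.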
@@ -90,8 +114,8 @@ FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
-# fetch http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch
-# fetch http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch.asc
+# fetch http://security.FreeBSD.org/patches/SA-13:05/nfsserver.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:05/nfsserver.patch.asc
# gpg --verify nfsserver.patch.asc
b) Apply the patch.
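Review bot: Both fetch lines in step a) use plain http, so "gpg --verify nfsserver.patch.asc" is the only integrity check on nfsserver.patch, yet the step does not say which key the signature must come from or what to do on failure. Suggest stating which key is expected to have made the signature and that step b) must not be run unless verification succeeds; "using your PGP utility" leaves both open.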
@@ -118,11 +142,11 @@ corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
-stable/8/ r250058
-releng/8.3/ r250059
-releng/8.4/ r250062
-stable/9/ r250060
-releng/9.1/ r250061
+stable/8/ r250068
+releng/8.3/ r250069
+releng/8.4/ r250073
+stable/9/ r250070
+releng/9.1/ r250071
- -------------------------------------------------------------------------
VII. References
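Review bot: Nothing in the revised table tells a reader whose tree is already at r250058 through r250062, the revisions v1.0 listed, whether they have the fix. State in the advisory whether those earlier revisions are sufficient or whether the tree must be updated again to r250068 through r250073.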
@@ -133,7 +157,7 @@ The latest revision of this advisory is
http://security.FreeBSD.org/advisories/FreeBSD-SA-13:05.nfsserver.asc
-----BEGIN PGP SIGNATURE-----
-iEYEARECAAYFAlF+18oACgkQFdaIBMps37J1PACgm+zcbGd6xF1hkpvFVJbbwR0Q
-9PoAnivbP1R0qXFyTlF/t3+sUYcxBtfQ
-=polM
+iEYEARECAAYFAlF+7BUACgkQFdaIBMps37I3LACeIFS/wiaA6eDn9F8ByZ6V8CH4
+GT4AoIrhX24l+LHxpvtHoaDmKOoBpva5
+=bbRm
-----END PGP SIGNATURE-----