svn commit: r42453 - in head/share: security/advisories security/patches/SA-13:07 security/patches/SA-13:08 xml
Xin LI
delphij at FreeBSD.org
Sat Jul 27 03:39:14 UTC 2013
Author: delphij
Date: Sat Jul 27 03:39:12 2013
New Revision: 42453
URL: http://svnweb.freebsd.org/changeset/doc/42453
Log:
Add two latest advisories:
Fix Denial of Service vulnerability in named(8). [13:07]
Fix a bug that allows remote client bypass the normal
access checks when when -network or -host restrictions are
used at the same time with -mapall. [13:08]
Added:
head/share/security/advisories/FreeBSD-SA-13:07.bind.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-13:08.nfsserver.asc (contents, props changed)
head/share/security/patches/SA-13:07/
head/share/security/patches/SA-13:07/bind.patch (contents, props changed)
head/share/security/patches/SA-13:07/bind.patch.asc (contents, props changed)
head/share/security/patches/SA-13:08/
head/share/security/patches/SA-13:08/nfsserver.patch (contents, props changed)
head/share/security/patches/SA-13:08/nfsserver.patch.asc (contents, props changed)
Modified:
head/share/xml/advisories.xml
Added: head/share/security/advisories/FreeBSD-SA-13:07.bind.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-13:07.bind.asc Sat Jul 27 03:39:12 2013 (r42453)
@@ -0,0 +1,121 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-13:07.bind Security Advisory
+ The FreeBSD Project
+
+Topic: BIND remote denial of service
+
+Category: contrib
+Module: bind
+Announced: 2013-07-26
+Credits: Maxim Shudrak and the HP Zero Day Initiative, ISC
+Affects: FreeBSD 8.4-RELEASE and FreeBSD 9.x
+Corrected: 2013-07-26 22:53:17 UTC (stable/8, 8.4-STABLE)
+ 2013-07-26 22:40:17 UTC (releng/8.4, 8.4-RELEASE-p2)
+ 2013-07-26 22:43:09 UTC (stable/9, 9.2-BETA2)
+ 2013-07-26 22:40:23 UTC (releng/9.1, 9.1-RELEASE-p5)
+CVE Name: CVE-2013-4854
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I. Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server. The libdns
+library is a library of DNS protocol support functions.
+
+II. Problem Description
+
+Due to a software defect a specially crafted query which includes
+malformed rdata, could cause named(8) to crash with an assertion
+failure and rejecting the malformed query. This issue affects both
+recursive and authoritative-only nameservers.
+
+III. Impact
+
+An attacker who can send a specially crafted query could cause named(8)
+to crash, resulting in a denial of service.
+
+IV. Workaround
+
+No workaround is available, but systems not running the named(8) service
+and not using the base system DNS utilities are not affected.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-13:07/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:07/bind.patch.asc
+# gpg --verify bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the named daemon, or reboot the system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r253696
+releng/8.4/ r253692
+stable/9/ r253695
+releng/9.1/ r253693
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing XXXXXX with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cXXXXXX --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing XXXXXX with the revision number:
+
+<URL:http://svnweb.freebsd.org/base?view=revision&revision=XXXXXX>
+
+VII. References
+
+https://kb.isc.org/article/AA-01015
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854>
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-13:07.bind.asc
+-----BEGIN PGP SIGNATURE-----
+
+iEYEARECAAYFAlHzPpMACgkQFdaIBMps37Jb2ACdFqaNTTBFiOCuz30MJ5s85UVd
+MzoAn2ebCjqULwyEbJaeTlck87NPfQWR
+=RFf2
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-13:08.nfsserver.asc Sat Jul 27 03:39:12 2013 (r42453)
@@ -0,0 +1,120 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-13:08.nfsserver Security Advisory
+ The FreeBSD Project
+
+Topic: Incorrect privilege validation in the NFS server
+
+Category: core
+Module: nfsserver
+Announced: 2013-07-26
+Credits: Rick Macklem, Christopher Key, Tim Zingelman
+Affects: FreeBSD 8.3, FreeBSD 9.0 and FreeBSD 9.1
+Corrected: 2012-12-28 14:06:49 UTC (stable/9, 9.2-BETA2)
+ 2013-07-26 22:40:23 UTC (releng/9.1, 9.1-RELEASE-p5)
+ 2013-01-06 01:11:45 UTC (stable/8, 8.3-STABLE)
+ 2013-07-26 22:40:29 UTC (releng/8.3, 8.3-RELEASE-p9)
+CVE Name: CVE-2013-4851
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I. Background
+
+The Network File System (NFS) allows a host to export some or all of its
+file systems so that other hosts can access them over the network and mount
+them as if they were on local disks. FreeBSD includes both server and client
+implementations of NFS.
+
+II. Problem Description
+
+The kernel incorrectly uses client supplied credentials instead of the one
+configured in exports(5) when filling out the anonymous credential for a
+NFS export, when -network or -host restrictions are used at the same time.
+
+III. Impact
+
+The remote client may supply privileged credentials (e.g. the root user)
+when accessing a file under the NFS share, which will bypass the normal
+access checks.
+
+IV. Workaround
+
+Systems that do not provide the NFS service are not vulnerable. Systems that
+do provide the NFS service are only vulnerable when -mapall or -maproot is
+used in combination with network and/or host restrictions.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-13:08/nfsserver.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:08/nfsserver.patch.asc
+# gpg --verify nfsserver.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r245086
+releng/8.3/ r253694
+stable/9/ r244772
+releng/9.1/ r253693
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing XXXXXX with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cXXXXXX --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing XXXXXX with the revision number:
+
+<URL:http://svnweb.freebsd.org/base?view=revision&revision=XXXXXX>
+
+VII. References
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4851>
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-13:08.nfsserver.asc
+-----BEGIN PGP SIGNATURE-----
+
+iEYEARECAAYFAlHzPrkACgkQFdaIBMps37I9YACfSu4orRhgOhol8vacW9kF3ZGP
+jtAAn0t2i14CMo1MT5MztI6RWX3hnUWZ
+=xjf/
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-13:07/bind.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-13:07/bind.patch Sat Jul 27 03:39:12 2013 (r42453)
@@ -0,0 +1,13 @@
+Index: contrib/bind9/lib/dns/rdata/generic/keydata_65533.c
+===================================================================
+--- contrib/bind9/lib/dns/rdata/generic/keydata_65533.c (revision 253461)
++++ contrib/bind9/lib/dns/rdata/generic/keydata_65533.c (working copy)
+@@ -176,7 +176,7 @@
+ UNUSED(options);
+
+ isc_buffer_activeregion(source, &sr);
+- if (sr.length < 4)
++ if (sr.length < 16)
+ return (ISC_R_UNEXPECTEDEND);
+
+ isc_buffer_forward(source, sr.length);
Added: head/share/security/patches/SA-13:07/bind.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-13:07/bind.patch.asc Sat Jul 27 03:39:12 2013 (r42453)
@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iEYEABECAAYFAlHzPqUACgkQFdaIBMps37IIPgCgioXGAf1PRyZ0mSeCktSzxFeY
+l+4An0YlRzZ8Xbt+CgxwIwyvGjLYpy9q
+=tbCD
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-13:08/nfsserver.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-13:08/nfsserver.patch Sat Jul 27 03:39:12 2013 (r42453)
@@ -0,0 +1,13 @@
+Index: sys/kern/vfs_export.c
+===================================================================
+--- sys/kern/vfs_export.c (revision 253367)
++++ sys/kern/vfs_export.c (working copy)
+@@ -208,7 +208,7 @@
+ np->netc_anon = crget();
+ np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
+ crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
+- np->netc_anon->cr_groups);
++ argp->ex_anon.cr_groups);
+ np->netc_anon->cr_prison = &prison0;
+ prison_hold(np->netc_anon->cr_prison);
+ np->netc_numsecflavors = argp->ex_numsecflavors;
Added: head/share/security/patches/SA-13:08/nfsserver.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-13:08/nfsserver.patch.asc Sat Jul 27 03:39:12 2013 (r42453)
@@ -0,0 +1,22 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+Index: sys/kern/vfs_export.c
+===================================================================
+- --- sys/kern/vfs_export.c (revision 253367)
++++ sys/kern/vfs_export.c (working copy)
+@@ -208,7 +208,7 @@
+ np->netc_anon = crget();
+ np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
+ crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
+- - np->netc_anon->cr_groups);
++ argp->ex_anon.cr_groups);
+ np->netc_anon->cr_prison = &prison0;
+ prison_hold(np->netc_anon->cr_prison);
+ np->netc_numsecflavors = argp->ex_numsecflavors;
+-----BEGIN PGP SIGNATURE-----
+
+iEYEARECAAYFAlHzPsQACgkQFdaIBMps37J36gCgglvXt5i1cg/+gvs4mHyJ+mrj
+tesAn1Qli/x2FjqbQ++FPs8qF2Sc7Rxs
+=kdhf
+-----END PGP SIGNATURE-----
Modified: head/share/xml/advisories.xml
==============================================================================
--- head/share/xml/advisories.xml Sat Jul 27 00:02:23 2013 (r42452)
+++ head/share/xml/advisories.xml Sat Jul 27 03:39:12 2013 (r42453)
@@ -8,6 +8,23 @@
<name>2013</name>
<month>
+ <name>7</name>
+
+ <day>
+ <name>26</name>
+
+ <advisory>
+ <name>FreeBSD-SA-13:07.bind</name>
+ </advisory>
+
+ <advisory>
+ <name>FreeBSD-SA-13:08.nfsserver</name>
+ </advisory>
+ </day>
+
+ </month>
+
+ <month>
<name>6</name>
<day>
More information about the svn-doc-all
mailing list