rst.void.ru
RusH security team
|
| Предыдущая тема :: Следующая тема |
| Автор |
Сообщение |
__blf
moder
Зарегистрирован: 31.01.2005
Сообщения: 428
|
 Добавлено: Чт Мар 10, 2005 3:51 pm
Заголовок сообщения: *BSD bugtraq |
 |
|
| Если у кого появляются интересные описания уязвимостей под *BSD системы (OpenBSD/FreeBSD/NetBSD/DFBSD) - пишите тут пожалуйста, в качестве награды добавим в Gr33tz при выходе эксплоита. |
|
| Вернуться к началу |
|
 |
Dark_Ghost
moder
Зарегистрирован: 19.01.2004
Сообщения: 498
Откуда: берутся дети?
|
Добавлено: Чт Мар 31, 2005 10:42 pm
Заголовок сообщения: |
|
|
Today's Topics:
1. FreeBSD Security Advisory FreeBSD-SA-05:01.telnet
(FreeBSD Security Advisories)
----------------------------------------------------------------------
Message: 1
Date: Mon, 28 Mar 2005 19:52:14 GMT
From: FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet
To: FreeBSD Security Advisories <security-advisories@freebsd.org>
Message-ID: <200503281952.j2SJqE6Q041133@freefall.freebsd.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:01.telnet Security Advisory
The FreeBSD Project
Topic: telnet client buffer overflows
Category: contrib
Module: contrib/telnet
Announced: 2005-03-28
Credits: iDEFENSE
Affects: All FreeBSD releases prior to 5.4-RELEASE
Corrected: 2005-03-28 15:50:00 UTC (RELENG_5, 5.4-PRERELEASE)
2005-03-28 15:48:00 UTC (RELENG_4, 4.11-STABLE)
2005-03-28 15:52:00 UTC (RELENG_5_3, 5.3-RELEASE-p6)
2005-03-28 15:57:00 UTC (RELENG_4_11, 4.11-RELEASE-p1)
2005-03-28 15:58:00 UTC (RELENG_4_10, 4.10-RELEASE-p6)
2005-03-28 16:00:00 UTC (RELENG_4_8, 4.8-RELEASE-p28)
CVE Name: CAN-2005-0468 CAN-2005-0469
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.
I. Background
The telnet(1) command is a TELNET protocol client, used primarily to
establish terminal sessions across a network.
II. Problem Description
Buffer overflows were discovered in the env_opt_add() and
slc_add_reply() functions of the telnet(1) command. TELNET protocol
commands, options, and data are copied from the network to a
fixed-sized buffer. In the case of env_opt_add (CAN-2005-0468), the
buffer is located on the heap. In the case of slc_add_reply
(CAN-2005-0469), the buffer is global uninitialized data (BSS).
III. Impact
These buffer overflows may be triggered when connecting to a malicious
server, or by an active attacker in the network path between the
client and server. Specially crafted TELNET command sequences may
cause the execution of arbitrary code with the privileges of the user
invoking telnet(1).
IV. Workaround
Do not use telnet(1) to connect to untrusted machines or over an
untrusted network.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_3, RELENG_4_11, RELENG_4_10, or RELENG_4_8 security branch
dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 4.8, 4.10,
4.11, and 5.3 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 4.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet4.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet4.patch.asc
[FreeBSD 5.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet5.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet5.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Rebuild the operating system as described in
<URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_4
src/crypto/heimdal/appl/telnet/telnet/telnet.c 1.1.1.1.2.4
src/crypto/kerberosIV/appl/telnet/telnet/telnet.c 1.1.1.1.2.1
src/crypto/telnet/telnet/telnet.c 1.4.2.6
src/usr.bin/telnet/telnet.c 1.8.2.4
RELENG_4_11
src/UPDATING 1.73.2.91.2.2
src/crypto/heimdal/appl/telnet/telnet/telnet.c 1.1.1.1.2.3.10.1
src/crypto/kerberosIV/appl/telnet/telnet/telnet.c 1.1.1.1.22.1
src/crypto/telnet/telnet/telnet.c 1.4.2.5.12.1
src/sys/conf/newvers.sh 1.44.2.39.2.5
src/usr.bin/telnet/telnet.c 1.8.2.3.12.1
RELENG_4_10
src/UPDATING 1.73.2.90.2.7
src/crypto/heimdal/appl/telnet/telnet/telnet.c 1.1.1.1.2.3.8.1
src/crypto/kerberosIV/appl/telnet/telnet/telnet.c 1.1.1.1.20.1
src/crypto/telnet/telnet/telnet.c 1.4.2.5.10.1
src/sys/conf/newvers.sh 1.44.2.34.2.8
src/usr.bin/telnet/telnet.c 1.8.2.3.10.1
RELENG_4_8
src/UPDATING 1.73.2.80.2.32
src/crypto/heimdal/appl/telnet/telnet/telnet.c 1.1.1.1.2.3.4.1
src/crypto/kerberosIV/appl/telnet/telnet/telnet.c 1.1.1.1.16.1
src/crypto/telnet/telnet/telnet.c 1.4.2.5.6.1
src/sys/conf/newvers.sh 1.44.2.29.2.29
src/usr.bin/telnet/telnet.c 1.8.2.3.6.1
RELENG_5
src/contrib/telnet/telnet/telnet.c 1.14.6.1
RELENG_5_3
src/UPDATING 1.342.2.13.2.9
src/contrib/telnet/telnet/telnet.c 1.14.8.1
src/sys/conf/newvers.sh 1.62.2.15.2.11
- -------------------------------------------------------------------------
VII. References
[IDEF0866] Multiple Telnet Client slc_add_reply() Buffer Overflow
http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
[IDEF0867] Multiple Telnet Client env_opt_add() Buffer Overflow
http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0
iD8DBQFCSECrFdaIBMps37IRAnRJAJ0VbP6TyaX7SLE2EwSrIYU25JSD9wCfYoe9
Qg2Lw/6QFLOgYG1jPuzogEs=
=0rFv
-----END PGP SIGNATURE-----
------------------------------
_________________
Плохому хакеру логи мешают.
[EXT] |
|
| Вернуться к началу |
|
|
zZz
geek
Зарегистрирован: 19.02.2005
Сообщения: 47
|
Добавлено: Чт Мар 31, 2005 11:40 pm
Заголовок сообщения: |
|
|
Ну кто ж сейчас telnet'ом пользуется....
Кстати эта уязвимость не только во фряшном телнете - еще в solaris 9,10 и в mac os x
_________________
Be yourself, no matter what they say... |
|
| Вернуться к началу |
|
|
greenwood3
GOLD visitor
Зарегистрирован: 01.06.2004
Сообщения: 254
|
|
| Вернуться к началу |
|
|
Dark_Ghost
moder
Зарегистрирован: 19.01.2004
Сообщения: 498
Откуда: берутся дети?
|
Добавлено: Ср Апр 13, 2005 8:22 pm
Заголовок сообщения: |
|
|
| Цитата: | =============================================================================
FreeBSD-SA-05:02.sendfile Security Advisory
The FreeBSD Project
Topic: sendfile kernel memory disclosure
Category: core
Module: sys_kern
Announced: 2005-04-04
Credits: Sven Berkvens <sven@berkvens.net>
Marc Olzheim <zlo@zlo.nu>
Affects: All FreeBSD 4.x releases
All FreeBSD 5.x releases prior to 5.4-RELEASE
Corrected: 2005-04-04 23:52:02 UTC (RELENG_5, 5.4-STABLE)
2005-04-04 23:52:35 UTC (RELENG_5_4, 5.4-RELEASE)
2005-04-04 23:53:24 UTC (RELENG_5_3, 5.3-RELEASE-p7)
2005-04-04 23:53:36 UTC (RELENG_4, 4.11-STABLE)
2005-04-04 23:53:56 UTC (RELENG_4_11, 4.11-RELEASE-p2)
2005-04-04 23:54:13 UTC (RELENG_4_10, 4.10-RELEASE-p7)
2005-04-04 23:54:33 UTC (RELENG_4_8, 4.8-RELEASE-p29)
CVE Name: CAN-2005-0708
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.
I. Background
The sendfile(2) system call allows a server application (such as an HTTP
or FTP server) to transmit the contents of a file over a network
connection without first copying it to application memory. High
performance servers such as Apache and ftpd use sendfile.
II. Problem Description
If the file being transmitted is truncated after the transfer has
started but before it completes, sendfile(2) will transfer the contents
of more or less random portions of kernel memory in lieu of the
missing part of the file.
III. Impact
A local user could create a large file and truncate it while
transferring it to himself, thus obtaining a copy of portions of system
memory to which he would normally not have access. Such memory might
contain sensitive information, such as portions of the file cache or
terminal buffers. This information might be directly useful, or it
might be leveraged to obtain elevated privileges in some way. For
example, a terminal buffer might include a user-entered password.
IV. Workaround
No known workaround.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_3, RELENG_4_11, RELENG_4_10, or RELENG_4_8 security branch
dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 4.8, 4.10,
4.11, and 5.3 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 4.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_4.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_4.patch.asc
[FreeBSD 5.3]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_5.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_5.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_4
src/sys/ufs/ffs/ffs_inode.c 1.56.2.6
RELENG_4_11
src/UPDATING 1.73.2.91.2.3
src/sys/conf/newvers.sh 1.44.2.39.2.6
src/sys/ufs/ffs/ffs_inode.c 1.56.2.5.12.1
RELENG_4_10
src/UPDATING 1.73.2.90.2.8
src/sys/conf/newvers.sh 1.44.2.34.2.8
src/sys/ufs/ffs/ffs_inode.c 1.56.2.5.10.1
RELENG_4_8
src/UPDATING 1.73.2.80.2.33
src/sys/conf/newvers.sh 1.44.2.29.2.29
src/sys/ufs/ffs/ffs_inode.c 1.56.2.5.6.1
RELENG_5
src/sys/ufs/ffs/ffs_inode.c 1.93.2.2
RELENG_5_4
src/UPDATING 1.342.2.24.2.1
src/sys/ufs/ffs/ffs_inode.c 1.93.2.1.2.1
RELENG_5_3
src/UPDATING 1.342.2.13.2.10
src/sys/conf/newvers.sh 1.62.2.15.2.12
src/sys/ufs/ffs/ffs_inode.c 1.93.4.1
- ------------------------------------------------------------------------- |
&
| Цитата: | =============================================================================
FreeBSD-SA-05:03.amd64 Security Advisory
The FreeBSD Project
Topic: unprivileged hardware access on amd64
Category: core
Module: sys_amd64
Announced: 2004-04-06
Credits: Jari Kirma
Affects: All FreeBSD/amd64 5.x releases prior to 5.4-RELEASE
Corrected: 2005-04-06 01:05:51 UTC (RELENG_5, 5.4-STABLE)
2005-04-06 01:06:15 UTC (RELENG_5_4, 5.4-RELEASE)
2005-04-06 01:06:44 UTC (RELENG_5_3, 5.3-RELEASE-p
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.
I. Background
The AMD64 architecture has two mechanisms for permitting processes to
access hardware: Kernel code can access hardware directly by reason of
its elevated privilege level, while user code can access a subset of
hardware determined by a bitmap.
II. Problem Description
The bitmap which determines which hardware can be accessed by unprivileged
processes was not initialized properly.
III. Impact
Unprivileged users on amd64 systems can gain direct access to some
hardware, allowing for denial of service, disclosure of sensitive
information, or possible privilege escalation.
IV. Workaround
No workaround is known for amd64 systems; other platforms are not
affected by this issue.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 5-STABLE or to the RELENG_5_3
security branch dated after the correction date.
2) To patch your present system:
a) Download the patch from the location below, and verify the detached
PGP signature using your PGP utility.
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:03/amd64.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:03/amd64.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_5
src/sys/amd64/amd64/machdep.c 1.618.2.10
src/sys/amd64/amd64/mp_machdep.c 1.242.2.8
src/sys/amd64/include/tss.h 1.16.2.1
RELENG_5_4
src/UPDATING 1.342.2.24.2.2
src/sys/amd64/amd64/machdep.c 1.618.2.9.2.1
src/sys/amd64/amd64/mp_machdep.c 1.242.2.7.2.1
src/sys/amd64/include/tss.h 1.16.6.1
RELENG_5_3
src/UPDATING 1.342.2.13.2.11
src/sys/conf/newvers.sh 1.62.2.15.2.13
src/sys/amd64/amd64/machdep.c 1.618.2.1.2.1
src/sys/amd64/amd64/mp_machdep.c 1.242.2.2.2.1
src/sys/amd64/include/tss.h 1.16.4.1
- ------------------------------------------------------------------------- |
_________________
Плохому хакеру логи мешают.
[EXT] |
|
| Вернуться к началу |
|
|
Dark_Ghost
moder
Зарегистрирован: 19.01.2004
Сообщения: 498
Откуда: берутся дети?
|
Добавлено: Пт Апр 15, 2005 3:18 pm
Заголовок сообщения: |
|
|
=============================================================================
FreeBSD-SA-05:04.ifconf Security Advisory
The FreeBSD Project
Topic: Kernel memory disclosure in ifconf()
Category: core
Module: sys_net
Announced: 2005-04-15
Credits: Ilja van Sprundel
Affects: All FreeBSD 4.x releases
All FreeBSD 5.x releases prior to 5.4-RELEASE
Corrected: 2005-04-15 01:51:44 UTC (RELENG_5, 5.4-STABLE)
2005-04-15 01:52:03 UTC (RELENG_5_4, 5.4-RELEASE)
2005-04-15 01:52:25 UTC (RELENG_5_3, 5.3-RELEASE-p9)
2005-04-15 01:52:40 UTC (RELENG_4, 4.11-STABLE)
2005-04-15 01:52:57 UTC (RELENG_4_11, 4.11-RELEASE-p3)
2005-04-15 01:53:14 UTC (RELENG_4_10, 4.10-RELEASE-p
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.
I. Background
The SIOCGIFCONF ioctl allows a user process to ask the kernel to produce
a list of the existing network interfaces and copy it into a buffer
provided by the user process.
II. Problem Description
In generating the list of network interfaces, the kernel writes into a
portion of a buffer without first zeroing it. As a result, the prior
contents of the buffer will be disclosed to the calling process.
III. Impact
Up to 12 bytes of kernel memory may be disclosed to the user process.
Such memory might contain sensitive information, such as portions of
the file cache or terminal buffers. This information might be directly
useful, or it might be leveraged to obtain elevated privileges in some
way. For example, a terminal buffer might include a user-entered
password.
IV. Workaround
No known workaround.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the
correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 4.10, 4.11,
and 5.3 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 4.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf4.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf4.patch.asc
[FreeBSD 5.3]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf5.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf5.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_4
src/sys/net/if.c 1.85.2.29
RELENG_4_11
src/UPDATING 1.73.2.91.2.4
src/sys/conf/newvers.sh 1.44.2.39.2.7
src/sys/net/if.c 1.85.2.28.2.1
RELENG_4_10
src/UPDATING 1.73.2.90.2.9
src/sys/conf/newvers.sh 1.44.2.34.2.10
src/sys/net/if.c 1.85.2.25.2.1
RELENG_5
src/sys/net/if.c 1.199.2.15
RELENG_5_4
src/UPDATING 1.342.2.24.2.3
src/sys/net/if.c 1.199.2.14.2.1
RELENG_5_3
src/UPDATING 1.342.2.13.2.12
src/sys/conf/newvers.sh 1.62.2.15.2.14
src/sys/net/if.c 1.199.2.7.2.3
- -------------------------------------------------------------------------
_________________
Плохому хакеру логи мешают.
[EXT] |
|
| Вернуться к началу |
|
|
Dark_Ghost
moder
Зарегистрирован: 19.01.2004
Сообщения: 498
Откуда: берутся дети?
|
Добавлено: Сб Апр 23, 2005 10:41 pm
Заголовок сообщения: |
|
|
| Цитата: |
=============================================================================
FreeBSD-SA-05:05.cvs Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in CVS
Category: contrib
Module: cvs
Announced: 2005-04-22
Credits: Alen Zukich
Affects: All FreeBSD 4.x releases
All FreeBSD 5.x releases prior to 5.4-RELEASE
Corrected: 2005-04-22 18:01:04 UTC (RELENG_5, 5.4-STABLE)
2005-04-22 18:03:18 UTC (RELENG_5_4, 5.4-RELEASE)
2005-04-22 18:07:10 UTC (RELENG_5_3, 5.3-RELEASE-p10)
2005-04-22 18:13:30 UTC (RELENG_4, 4.11-STABLE)
2005-04-22 18:17:22 UTC (RELENG_4_11, 4.11-RELEASE-p4)
2005-04-22 18:16:15 UTC (RELENG_4_10, 4.10-RELEASE-p9)
CVE Name: CAN-2005-0753
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.
I. Background
The Concurrent Versions System (CVS) is a version control system. It
may be used to access a repository locally, or to access a `remote
repository' using a number of different methods. When accessing a
remote repository, the target machine runs the CVS server to fulfill
client requests.
II. Problem Description
Multiple programming errors were found in CVS. In one case, variable
length strings are copied into a fixed length buffer without adequate
checks being made; other errors include NULL pointer dereferences,
possible use of uninitialized variables, and memory leaks.
III. Impact
CVS servers ("cvs server" or :pserver: modes) are affected by these
problems. The buffer overflow may potentially be exploited to execute
arbitrary code on the CVS server, either in the context of the
authenticated user or in the context of the CVS server, depending on
the access method used. The other errors may lead to a denial of
service.
IV. Workaround
No workaround is available for cvs servers; cvs clients are unaffected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch
dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 4.10,
4.11, and 5.3 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 4.10]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs410.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs410.patch.asc
[FreeBSD 4.11 and 5.3]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/gnu/usr.bin/cvs
# make obj && make depend && make && make install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_4
src/contrib/cvs/src/login.c 1.3.2.6
src/contrib/cvs/src/patch.c 1.1.1.7.2.7
src/contrib/cvs/src/rcs.c 1.19.2.7
RELENG_4_11
src/UPDATING 1.73.2.91.2.5
src/sys/conf/newvers.sh 1.44.2.39.2.8
src/contrib/cvs/src/login.c 1.3.2.5.2.1
src/contrib/cvs/src/patch.c 1.1.1.7.2.6.2.1
src/contrib/cvs/src/rcs.c 1.19.2.6.2.1
RELENG_4_10
src/UPDATING 1.73.2.90.2.10
src/sys/conf/newvers.sh 1.44.2.34.2.11
src/contrib/cvs/src/login.c 1.3.2.4.6.1
src/contrib/cvs/src/patch.c 1.1.1.7.2.5.6.1
src/contrib/cvs/src/rcs.c 1.19.2.5.6.1
RELENG_5
src/contrib/cvs/src/login.c 1.8.2.1
src/contrib/cvs/src/patch.c 1.1.1.13.2.1
src/contrib/cvs/src/rcs.c 1.27.2.1
RELENG_5_4
src/UPDATING 1.342.2.24.2.4
src/contrib/cvs/src/login.c 1.8.6.1
src/contrib/cvs/src/patch.c 1.1.1.13.6.1
src/contrib/cvs/src/rcs.c 1.27.6.1
RELENG_5_3
src/UPDATING 1.342.2.13.2.13
src/sys/conf/newvers.sh 1.62.2.15.2.15
src/contrib/cvs/src/login.c 1.8.4.1
src/contrib/cvs/src/patch.c 1.1.1.13.4.1
src/contrib/cvs/src/rcs.c 1.27.4.1
- ------------------------------------------------------------------------- |
_________________
Плохому хакеру логи мешают.
[EXT] |
|
| Вернуться к началу |
|
|
Dark_Ghost
moder
Зарегистрирован: 19.01.2004
Сообщения: 498
Откуда: берутся дети?
|
Добавлено: Пт Май 06, 2005 5:30 pm
Заголовок сообщения: |
|
|
вот только что прям прилетело:
| Код: |
=============================================================================
FreeBSD-SA-05:06.iir Security Advisory
The FreeBSD Project
Topic: Incorrect permissions on /dev/iir
Category: core
Module: sys_dev
Announced: 2005-05-06
Credits: Christian S.J. Peron
Affects: All FreeBSD 4.x releases since 4.6-RELEASE
All FreeBSD 5.x releases prior to 5.4-RELEASE
Corrected: 2005-05-06 02:33:46 UTC (RELENG_5, 5.4-STABLE)
2005-05-06 02:34:18 UTC (RELENG_5_4, 5.4-RELEASE)
2005-05-06 02:34:01 UTC (RELENG_5_3, 5.3-RELEASE-p11)
2005-05-06 02:32:54 UTC (RELENG_4, 4.11-STABLE)
2005-05-06 02:33:28 UTC (RELENG_4_11, 4.11-RELEASE-p5)
2005-05-06 02:33:12 UTC (RELENG_4_10, 4.10-RELEASE-p10)
CVE Name: CAN-2005-1399
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.
I. Background
The iir(4) driver provides support for the Intel Integrated RAID
controllers and ICP Vortex RAID controllers.
II. Problem Description
The default permissions on the /dev/iir device node allow unprivileged
local users to open the device and execute ioctl calls.
III. Impact
Unprivileged local users can send commands to the hardware supported by
the iir(4) driver, allowing destruction of data and possible disclosure
of data.
IV. Workaround
Systems without hardware supported by the iir(4) driver are not affected
by this issue. On systems which are affected, as a workaround, the
permissions on /dev/iir can be changed manually.
As root, execute the following command:
# chmod 0600 /dev/iir*
On 5.x, the following commands are also needed to ensure that the
correct permissions are used after rebooting.
# echo 'perm iir* 0600' >> /etc/devfs.conf
# echo 'devfs_enable="YES"' >> /etc/rc.conf
If the administrator has created additional device nodes, or mounted
additional instances of devfs(5) elsewhere in the file system name
space, attention should be paid to ensure that either the iir device
node is not visible in those name spaces, or is similarly protected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after
the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 4.10,
4.11, and 5.3 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_4
src/sys/dev/iir/iir_ctrl.c 1.2.2.5
RELENG_4_11
src/UPDATING 1.73.2.91.2.6
src/sys/conf/newvers.sh 1.44.2.39.2.9
src/sys/dev/iir/iir_ctrl.c 1.2.2.4.12.1
RELENG_4_10
src/UPDATING 1.73.2.90.2.11
src/sys/conf/newvers.sh 1.44.2.34.2.12
src/sys/dev/iir/iir_ctrl.c 1.2.2.4.10.1
RELENG_5
src/sys/dev/iir/iir_ctrl.c 1.15.2.2
RELENG_5_4
src/UPDATING 1.342.2.24.2.5
src/sys/dev/iir/iir_ctrl.c 1.15.2.1.2.1
RELENG_5_3
src/UPDATING 1.342.2.13.2.14
src/sys/conf/newvers.sh 1.62.2.15.2.16
src/sys/dev/iir/iir_ctrl.c 1.15.4.1
- -------------------------------------------------------------------------
The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)
iD4DBQFCetz4FdaIBMps37IRAvyMAJjeLAyi4DGQGV3J5Ay+zzt5z4awAKCQ2Z9f
Hh/14bkUQqNXbUTAXEUBrw==
=HFZ7
-----END PGP SIGNATURE-----
------------------------------
Message: 2
Date: Fri, 6 May 2005 03:03:13 GMT
From: FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: FreeBSD Security Advisory FreeBSD-SA-05:07.ldt
To: FreeBSD Security Advisories <security-advisories@freebsd.org>
Message-ID: <200505060303.j4633D8E089127@freefall.freebsd.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:07.ldt Security Advisory
The FreeBSD Project
Topic: Local kernel memory disclosure in i386_get_ldt
Category: core
Module: sys_i386
Announced: 2005-05-06
Credits: Christer Oberg
Affects: All FreeBSD/i386 4.x releases since 4.7-RELEASE
All FreeBSD/i386 5.x and FreeBSD/amd64 5.x releases
prior to 5.4-RELEASE
Corrected: 2005-05-06 02:40:19 UTC (RELENG_5, 5.4-STABLE)
2005-05-06 02:40:49 UTC (RELENG_5_4, 5.4-RELEASE)
2005-05-06 02:40:32 UTC (RELENG_5_3, 5.3-RELEASE-p12)
2005-05-06 02:39:35 UTC (RELENG_4, 4.11-STABLE)
2005-05-06 02:40:05 UTC (RELENG_4_11, 4.11-RELEASE-p6)
2005-05-06 02:39:52 UTC (RELENG_4_10, 4.10-RELEASE-p11)
CVE Name: CAN-2005-1400
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.
I. Background
The i386_get_ldt(2) system call allows a process to request that a
portion of its Local Descriptor Table be copied from the kernel into
userland.
II. Problem Description
The i386_get_ldt(2) syscall performs insufficient validation of its
input arguments. In particular, negative or very large values may
allow inappropriate data to be copied from the kernel.
III. Impact
Kernel memory may be disclosed to the user process. Such memory might
contain sensitive information, such as portions of the file cache or
terminal buffers. This information might be directly useful, or it
might be leveraged to obtain elevated privileges in some way. For
example, a terminal buffer might include a user-entered password.
IV. Workaround
No workaround is known for i386 and amd64 systems; other platforms are
not affected by this issue.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after
the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 4.10,
4.11, and 5.3 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 4.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch.asc
[FreeBSD 5.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt5.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt5.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_4
src/sys/i386/i386/sys_machdep.c 1.47.2.4
RELENG_4_11
src/UPDATING 1.73.2.91.2.7
src/sys/conf/newvers.sh 1.44.2.39.2.10
src/sys/i386/i386/sys_machdep.c 1.47.2.3.8.1
RELENG_4_10
src/UPDATING 1.73.2.90.2.12
src/sys/conf/newvers.sh 1.44.2.34.2.13
src/sys/i386/i386/sys_machdep.c 1.47.2.3.6.1
RELENG_5
src/sys/i386/i386/sys_machdep.c 1.92.2.3
RELENG_5_4
src/UPDATING 1.342.2.24.2.6
src/sys/i386/i386/sys_machdep.c 1.92.2.1.2.1
RELENG_5_3
src/UPDATING 1.342.2.13.2.15
src/sys/conf/newvers.sh 1.62.2.15.2.17
src/sys/i386/i386/sys_machdep.c 1.92.4.1
- -------------------------------------------------------------------------
The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)
iD8DBQFCetz/FdaIBMps37IRAsGyAJ0e/186b85KV2w0iqXy+eZe4aoGMwCfSlRm
TqqVUL/yrYbXxlyzJZNEjPs=
=/YXX
-----END PGP SIGNATURE-----
------------------------------
Message: 3
Date: Fri, 6 May 2005 03:03:23 GMT
From: FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: FreeBSD Security Advisory FreeBSD-SA-05:08.kmem
To: FreeBSD Security Advisories <security-advisories@freebsd.org>
Message-ID: <200505060303.j4633NvP089169@freefall.freebsd.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:08.kmem Security Advisory
The FreeBSD Project
Topic: Local kernel memory disclosure
Category: core
Module: sys
Announced: 2005-05-06
Credits: Christian S.J. Peron
Affects: All FreeBSD releases prior to 5.4-RELEASE
Corrected: 2005-05-06 02:50:00 UTC (RELENG_5, 5.4-STABLE)
2005-05-06 02:51:10 UTC (RELENG_5_4, 5.4-RELEASE)
2005-05-06 02:50:35 UTC (RELENG_5_3, 5.3-RELEASE-p13)
2005-05-06 02:48:46 UTC (RELENG_4, 4.11-STABLE)
2005-05-06 02:49:35 UTC (RELENG_4_11, 4.11-RELEASE-p7)
2005-05-06 02:49:08 UTC (RELENG_4_10, 4.10-RELEASE-p12)
CVE Name: CAN-2005-1406
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.
I. Background
In many parts of the FreeBSD kernel, names (of mount points, devices,
files, etc.) are manipulated as NULL-terminated strings, but are provided
to applications within fixed-length buffers.
II. Problem Description
In several places, variable-length strings were copied into fixed-length
buffers without zeroing the unused portion of the buffer.
III. Impact
The previous contents of part of the fixed-length buffers will be
disclosed to applications. Such memory might contain sensitive
information, such as portions of the file cache or terminal buffers.
This information might be directly useful, or it might be leveraged to
obtain elevated privileges in some way. For example, a terminal buffer
might include a user-entered password.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after
the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 4.10,
4.11, and 5.3 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 4.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4.patch.asc
[FreeBSD 5.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_4
src/sys/kern/vfs_subr.c 1.249.2.32
src/sys/net/if_mib.c 1.8.2.3
src/sys/netinet/ip_divert.c 1.42.2.8
src/sys/netinet/raw_ip.c 1.64.2.20
src/sys/netinet/udp_usrreq.c 1.64.2.20
RELENG_4_11
src/UPDATING 1.72.2.91.2.8
src/sys/conf/newvers.sh 1.44.2.39.2.11
src/sys/kern/vfs_subr.c 1.249.2.31.6.1
src/sys/net/if_mib.c 1.8.2.2.2.1
src/sys/netinet/ip_divert.c 1.42.2.7.2.1
src/sys/netinet/raw_ip.c 1.64.2.19.2.1
src/sys/netinet/udp_usrreq.c 1.64.2.19.6.1
RELENG_4_10
src/UPDATING 1.73.2.90.2.13
src/sys/conf/newvers.sh 1.44.2.34.2.14
src/sys/kern/vfs_subr.c 1.249.2.31.4.1
src/sys/net/if_mib.c 1.8.2.1.16.2
src/sys/netinet/ip_divert.c 1.42.2.6.6.1
src/sys/netinet/raw_ip.c 1.64.2.18.4.1
src/sys/netinet/udp_usrreq.c 1.64.2.19.4.1
RELENG_5
src/sys/kern/subr_bus.c 1.156.2.7
src/sys/kern/vfs_subr.c 1.522.2.5
src/sys/net/if_mib.c 1.13.4.2
src/sys/netinet/ip_divert.c 1.98.2.3
src/sys/netinet/raw_ip.c 1.142.2.5
src/sys/netinet/udp_usrreq.c 1.162.2.8
RELENG_5_4
src/UPDATING 1.342.2.24.2.7
src/sys/kern/subr_bus.c 1.156.2.5.2.1
src/sys/kern/vfs_subr.c 1.522.2.4.2.1
src/sys/net/if_mib.c 1.13.4.1.2.1
src/sys/netinet/ip_divert.c 1.98.2.2.2.1
src/sys/netinet/raw_ip.c 1.142.2.4.2.1
src/sys/netinet/udp_usrreq.c 1.162.2.7.2.1
RELENG_5_3
src/UPDATING 1.342.2.13.2.16
src/sys/conf/newvers.sh 1.62.2.15.2.18
src/sys/kern/subr_bus.c 1.156.2.2.2.1
src/sys/kern/vfs_subr.c 1.522.2.1.2.1
src/sys/net/if_mib.c 1.13.6.1
src/sys/netinet/ip_divert.c 1.98.4.1
src/sys/netinet/raw_ip.c 1.142.2.2.2.1
src/sys/netinet/udp_usrreq.c 1.162.2.3.2.1
- ------------------------------------------------------------------------- |
_________________
Плохому хакеру логи мешают.
[EXT] |
|
| Вернуться к началу |
|
|
Dark_Ghost
moder
Зарегистрирован: 19.01.2004
Сообщения: 498
Откуда: берутся дети?
|
Добавлено: Вс Май 08, 2005 5:38 pm
Заголовок сообщения: |
|
|
| Код: | =============================================================================
FreeBSD-SA-05:06.iir Security Advisory
The FreeBSD Project
Topic: Incorrect permissions on /dev/iir
Category: core
Module: sys_dev
Announced: 2005-05-06
Credits: Christian S.J. Peron
Andre Guibert de Bruet
Affects: All FreeBSD 4.x releases since 4.6-RELEASE
All FreeBSD 5.x releases prior to 5.4-RELEASE
Corrected: 2005-05-06 02:33:46 UTC (RELENG_5, 5.4-STABLE)
2005-05-06 02:34:18 UTC (RELENG_5_4, 5.4-RELEASE)
2005-05-06 02:34:01 UTC (RELENG_5_3, 5.3-RELEASE-p11)
2005-05-06 02:32:54 UTC (RELENG_4, 4.11-STABLE)
2005-05-06 02:33:28 UTC (RELENG_4_11, 4.11-RELEASE-p5)
2005-05-06 02:33:12 UTC (RELENG_4_10, 4.10-RELEASE-p10)
CVE Name: CAN-2005-1399
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.
0. Revision History
v1.0 2005-05-06 Initial release.
v1.1 2005-05-07 Updated credits to include Andre Guibert de Bruet, who
was inadvertantly omitted from the original advisory.
I. Background
The iir(4) driver provides support for the Intel Integrated RAID
controllers and ICP Vortex RAID controllers.
II. Problem Description
The default permissions on the /dev/iir device node allow unprivileged
local users to open the device and execute ioctl calls.
III. Impact
Unprivileged local users can send commands to the hardware supported by
the iir(4) driver, allowing destruction of data and possible disclosure
of data.
IV. Workaround
Systems without hardware supported by the iir(4) driver are not affected
by this issue. On systems which are affected, as a workaround, the
permissions on /dev/iir can be changed manually.
As root, execute the following command:
# chmod 0600 /dev/iir*
On 5.x, the following commands are also needed to ensure that the
correct permissions are used after rebooting.
# echo 'perm iir* 0600' >> /etc/devfs.conf
# echo 'devfs_enable="YES"' >> /etc/rc.conf
If the administrator has created additional device nodes, or mounted
additional instances of devfs(5) elsewhere in the file system name
space, attention should be paid to ensure that either the iir device
node is not visible in those name spaces, or is similarly protected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after
the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 4.10,
4.11, and 5.3 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_4
src/sys/dev/iir/iir_ctrl.c 1.2.2.5
RELENG_4_11
src/UPDATING 1.73.2.91.2.6
src/sys/conf/newvers.sh 1.44.2.39.2.9
src/sys/dev/iir/iir_ctrl.c 1.2.2.4.12.1
RELENG_4_10
src/UPDATING 1.73.2.90.2.11
src/sys/conf/newvers.sh 1.44.2.34.2.12
src/sys/dev/iir/iir_ctrl.c 1.2.2.4.10.1
RELENG_5
src/sys/dev/iir/iir_ctrl.c 1.15.2.2
RELENG_5_4
src/UPDATING 1.342.2.24.2.5
src/sys/dev/iir/iir_ctrl.c 1.15.2.1.2.1
RELENG_5_3
src/UPDATING 1.342.2.13.2.14
src/sys/conf/newvers.sh 1.62.2.15.2.16
src/sys/dev/iir/iir_ctrl.c 1.15.4.1
- ------------------------------------------------------------------------- |
_________________
Плохому хакеру логи мешают.
[EXT] |
|
| Вернуться к началу |
|
|
Dark_Ghost
moder
Зарегистрирован: 19.01.2004
Сообщения: 498
Откуда: берутся дети?
|
Добавлено: Пн Май 09, 2005 7:44 pm
Заголовок сообщения: |
|
|
| Код: | =============================================================================
FreeBSD-SA-05:08.kmem Security Advisory
The FreeBSD Project
Topic: Local kernel memory disclosure
Category: core
Module: sys
Announced: 2005-05-06
Credits: Christian S.J. Peron
Uwe Doering
Affects: All FreeBSD releases prior to 5.4-RELEASE
Corrected: 2005-05-08 10:19:37 UTC (RELENG_5, 5.4-STABLE)
2005-05-07 03:58:26 UTC (RELENG_5_4, 5.4-RELEASE)
2005-05-08 10:23:52 UTC (RELENG_5_3, 5.3-RELEASE-p14)
2005-05-08 10:26:42 UTC (RELENG_4, 4.11-STABLE)
2005-05-08 10:29:54 UTC (RELENG_4_11, 4.11-RELEASE-p8)
2005-05-08 10:35:56 UTC (RELENG_4_10, 4.10-RELEASE-p13)
CVE Name: CAN-2005-1406
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.
0. Revision History
v1.0 2005-05-06 Initial release.
v1.1 2005-05-07 Updated patch to include related issues reported by
Uwe Doering.
I. Background
In many parts of the FreeBSD kernel, names (of mount points, devices,
files, etc.) are manipulated as NULL-terminated strings, but are provided
to applications within fixed-length buffers.
II. Problem Description
In several places, variable-length strings were copied into fixed-length
buffers without zeroing the unused portion of the buffer.
III. Impact
The previous contents of part of the fixed-length buffers will be
disclosed to applications. Such memory might contain sensitive
information, such as portions of the file cache or terminal buffers.
This information might be directly useful, or it might be leveraged to
obtain elevated privileges in some way. For example, a terminal buffer
might include a user-entered password.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after
the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 4.10,
4.11, and 5.3 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 4.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4x.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4x.patch.asc
[FreeBSD 5.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5x.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5x.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_4
src/sys/kern/uipc_usrreq.c 1.54.2.11
src/sys/kern/vfs_subr.c 1.249.2.32
src/sys/net/if_mib.c 1.8.2.3
src/sys/netinet/ip_divert.c 1.42.2.8
src/sys/netinet/raw_ip.c 1.64.2.20
src/sys/netinet/tcp_subr.c 1.73.2.34
src/sys/netinet/udp_usrreq.c 1.64.2.20
RELENG_4_11
src/UPDATING 1.72.2.91.2.9
src/sys/conf/newvers.sh 1.44.2.39.2.12
src/sys/kern/uipc_usrreq.c 1.54.2.10.8.1
src/sys/kern/vfs_subr.c 1.249.2.31.6.1
src/sys/net/if_mib.c 1.8.2.2.2.1
src/sys/netinet/ip_divert.c 1.42.2.7.2.1
src/sys/netinet/raw_ip.c 1.64.2.19.2.1
src/sys/netinet/tcp_subr.c 1.73.2.33.4.1
src/sys/netinet/udp_usrreq.c 1.64.2.19.6.1
RELENG_4_10
src/UPDATING 1.73.2.90.2.14
src/sys/conf/newvers.sh 1.44.2.34.2.15
src/sys/kern/uipc_usrreq.c 1.54.2.10.6.1
src/sys/kern/vfs_subr.c 1.249.2.31.4.1
src/sys/net/if_mib.c 1.8.2.1.16.2
src/sys/netinet/ip_divert.c 1.42.2.6.6.1
src/sys/netinet/raw_ip.c 1.64.2.18.4.1
src/sys/netinet/tcp_subr.c 1.73.2.33.2.1
src/sys/netinet/udp_usrreq.c 1.64.2.19.4.1
RELENG_5
src/sys/kern/subr_bus.c 1.156.2.7
src/sys/kern/uipc_usrreq.c 1.138.2.14
src/sys/kern/vfs_subr.c 1.522.2.5
src/sys/net/if_mib.c 1.13.4.2
src/sys/netinet/ip_divert.c 1.98.2.3
src/sys/netinet/raw_ip.c 1.142.2.5
src/sys/netinet/tcp_subr.c 1.201.2.18
src/sys/netinet/udp_usrreq.c 1.162.2.8
RELENG_5_4
src/UPDATING 1.342.2.24.2.9
src/sys/kern/subr_bus.c 1.156.2.5.2.1
src/sys/kern/uipc_usrreq.c 1.138.2.13.2.1
src/sys/kern/vfs_subr.c 1.522.2.4.2.1
src/sys/net/if_mib.c 1.13.4.1.2.1
src/sys/netinet/ip_divert.c 1.98.2.2.2.1
src/sys/netinet/raw_ip.c 1.142.2.4.2.1
src/sys/netinet/tcp_subr.c 1.201.2.15.2.1
src/sys/netinet/udp_usrreq.c 1.162.2.7.2.1
RELENG_5_3
src/UPDATING 1.342.2.13.2.17
src/sys/conf/newvers.sh 1.62.2.15.2.19
src/sys/kern/subr_bus.c 1.156.2.2.2.1
src/sys/kern/uipc_usrreq.c 1.138.2.2.2.2
src/sys/kern/vfs_subr.c 1.522.2.1.2.1
src/sys/net/if_mib.c 1.13.6.1
src/sys/netinet/ip_divert.c 1.98.4.1
src/sys/netinet/raw_ip.c 1.142.2.2.2.1
src/sys/netinet/tcp_subr.c 1.201.2.1.2.2
src/sys/netinet/udp_usrreq.c 1.162.2.3.2.1
- ------------------------------------------------------------------------- |
_________________
Плохому хакеру логи мешают.
[EXT] |
|
| Вернуться к началу |
|
|
|
|
Вы не можете начинать темы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете голосовать в опросах
|
|
