diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-04:06.ipv6.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-04:06.ipv6.asc | 119 |
1 files changed, 0 insertions, 119 deletions
diff --git a/share/security/advisories/FreeBSD-SA-04:06.ipv6.asc b/share/security/advisories/FreeBSD-SA-04:06.ipv6.asc deleted file mode 100644 index a614a8e091..0000000000 --- a/share/security/advisories/FreeBSD-SA-04:06.ipv6.asc +++ /dev/null @@ -1,119 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SA-04:06.ipv6 Security Advisory - The FreeBSD Project - -Topic: setsockopt(2) IPv6 sockets input validation error - -Category: core -Module: kernel -Announced: 2004-03-29 -Credits: Katsuhisa ABE, Colin Percival -Affects: FreeBSD 5.2-RELEASE -Corrected: 2004-03-29 14:01:33 UTC (RELENG_5_2, 5.2.1-RELEASE-p4) -CVE Name: CAN-2004-0370 -FreeBSD only: YES - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit -<URL:http://www.freebsd.org/security/>. - -I. Background - -IPv6 is a new Internet Protocol, designed to replace (and avoid many of -the problems with) the current Internet Protocol (version 4). FreeBSD -uses the KAME Project IPv6 implementation. - -Applications may manipulate the behavior of an IPv6 socket using the -setsockopt(2) system call. - -II. Problem Description - -A programming error in the handling of some IPv6 socket options within -the setsockopt(2) system call may result in memory locations being -accessed without proper validation. While the problem originates in -code from the KAME Project, it does not affect other operating systems. - -III. Impact - -It may be possible for a local attacker to read portions of kernel -memory, resulting in disclosure of sensitive information. A local -attacker can cause a system panic. - -IV. Workaround - -Do one of the following: - -1) Disable IPv6 entirely by following these steps: - - - Remove or comment out any lines mentioning `INET6' from your - kernel configuration file, and recompile your kernel as described - in <URL:http://www.freebsd.org/handbook/kernelconfig.html>. - - - Reboot your system. - -2) If all untrusted users are confined within a jail(8), ensure that -the security.jail.socket_unixiproute_only sysctl is set to 1 and -verify that no IPv6 sockets are currently open: - -# sysctl security.jail.socket_unixiproute_only=1 -# sockstat -6 - -This will restrict jailed processes to creating UNIX domain, IPv4, and -routing sockets, which are not vulnerable to this problem; note however -that processes inside a jail may still be able to inherit IPv6 sockets -from outside the jail, so this may not be sufficient for all systems. - -V. Solution - -Do one of the following: - -1) Upgrade your vulnerable system to the RELENG_5_2 security branch -dated after the correction date. - -2) To patch your present system: - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:06/ipv6.patch -# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:06/ipv6.patch.asc - -b) Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile the kernel as described in -<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the -system. - -d) Install updated kernel headers. - -# cd /usr/src/include -# make install - -VI. Correction details - -The following list contains the revision numbers of each file that was -corrected in FreeBSD. - -Branch Revision - Path -- ------------------------------------------------------------------------- -RELENG_5_2 - src/UPDATING 1.282.2.12 - src/sys/netinet6/ip6_output.c 1.71.2.2 - src/sys/netinet/ip6.h 1.10.2.1 - src/sys/conf/newvers.sh 1.56.2.11 -- ------------------------------------------------------------------------- ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.2.4 (FreeBSD) - -iD8DBQFAaC6kFdaIBMps37IRAiCBAJ9ATb8FTKysuJvwlU8E0YOArWwP1gCcCCpw -rK7VXiZuLwD1zZmBepSHCt4= -=FLqJ ------END PGP SIGNATURE----- |