diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-04:14.cvs.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-04:14.cvs.asc | 182 |
1 files changed, 182 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SA-04:14.cvs.asc b/share/security/advisories/FreeBSD-SA-04:14.cvs.asc new file mode 100644 index 0000000000..d9611faea5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:14.cvs.asc @@ -0,0 +1,182 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:14.cvs.asc Security Advisory + The FreeBSD Project + +Topic: CVS + +Category: contrib +Module: cvs +Announced: 2004-09-19 +Credits: Stefan Esser, Sebastian Krahmer, Derek Price + iDEFENSE +Affects: All FreeBSD versions +Corrected: 2004-06-29 16:10:50 UTC (RELENG_4) + 2004-09-19 22:26:22 UTC (RELENG_4_10, 4.10-RELEASE-p3) + 2004-09-19 22:27:36 UTC (RELENG_4_9, 4.9-RELEASE-p12) + 2004-09-19 22:28:14 UTC (RELENG_4_8, 4.8-RELEASE-p25) + 2004-09-19 22:37:10 UTC (RELENG_5_2, 5.2.1-RELEASE-p10) +CVE Name: CAN-2004-0414, CAN-2004-0416, CAN-2004-0417, CAN-2004-0418, + CAN-2004-0778 +FreeBSD only: NO + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +<URL:http://www.freebsd.org/security/>. + +I. Background + +The Concurrent Versions System (CVS) is a version control system. It +may be used to access a repository locally, or to access a `remote +repository' using a number of different methods. When accessing a +remote repository, the target machine runs the CVS server to fulfill +client requests. + +II. Problem Description + +A number of vulnerabilities were discovered in CVS by Stefan Esser, +Sebastian Krahmer, and Derek Price. + + . Insufficient input validation while processing "Entry" lines. + (CAN-2004-0414) + + . A double-free resulting from erroneous state handling while + processing "Argumentx" commands. (CAN-2004-0416) + + . Integer overflow while processing "Max-dotdot" commands. + (CAN-2004-0417) + + . Erroneous handling of empty entries handled while processing + "Notify" commands. (CAN-2004-0418) + + . A format string bug while processing CVS wrappers. + + . Single-byte buffer underflows while processing configuration files + from CVSROOT. + + . Various other integer overflows. + +Additionally, iDEFENSE reports an undocumented command-line flag used +in debugging does not perform input validation on the given path +names. + +III. Impact + +CVS servers ("cvs server" or :pserver: modes) are affected by these +vulnerabilities. They vary in impact but include information disclosure +(the iDEFENSE-reported bug), denial-of-service (CAN-2004-0414, +CAN-2004-0416, CAN-2004-0417 and other bugs), or possibly arbitrary code +execution (CAN-2004-0418). In very special situations where the +attacker may somehow influence the contents of CVS configuration files +in CVSROOT, additional attacks may be possible. + +IV. Workaround + +Disable the use of remote CVS repositories. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to the RELENG_4 stable branch, or to +the RELENG_5_2, RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch +dated after the correction date. + +OR + +2) Patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8, 4.9, +4.10 and 5.2.1 systems. Note that one *must* have previously applied +the patches pertaining to FreeBSD-SA-04:10.cvs in order to use these +patches. + +Note that FreeBSD 4.10-STABLE systems built from sources dated +2004-06-29 16:20:00 UTC or later include cvs 1.11.17, which has all +of these issues fixed. These patches should not be applied to those +systems. + +a) Download the relevant patches from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:14/cvs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:14/cvs.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/cvs +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4_10 + src/UPDATING 1.73.2.90.2.4 + src/sys/conf/newvers.sh 1.44.2.34.2.5 + src/contrib/cvs/lib/xsize.h 1.1.1.1.6.1 + src/contrib/cvs/src/commit.c 1.8.2.5.6.1 + src/contrib/cvs/src/cvs.h 1.11.2.6.6.1 + src/contrib/cvs/src/filesubr.c 1.6.2.4.6.1 + src/contrib/cvs/src/history.c 1.1.1.6.2.4.6.1 + src/contrib/cvs/src/modules.c 1.1.1.5.2.4.2.1 + src/contrib/cvs/src/server.c 1.13.2.5.6.3 + src/contrib/cvs/src/wrapper.c 1.1.1.7.2.3.6.1 + src/gnu/usr.bin/cvs/lib/config.h.proto 1.16.2.1.6.1 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.13 + src/sys/conf/newvers.sh 1.44.2.32.2.13 + src/contrib/cvs/lib/xsize.h 1.1.1.1.8.1 + src/contrib/cvs/src/commit.c 1.8.2.5.4.1 + src/contrib/cvs/src/cvs.h 1.11.2.6.4.1 + src/contrib/cvs/src/filesubr.c 1.6.2.4.4.1 + src/contrib/cvs/src/history.c 1.1.1.6.2.4.4.1 + src/contrib/cvs/src/modules.c 1.1.1.5.2.3.4.2 + src/contrib/cvs/src/server.c 1.13.2.5.4.3 + src/contrib/cvs/src/wrapper.c 1.1.1.7.2.3.4.1 + src/gnu/usr.bin/cvs/lib/config.h.proto 1.16.2.1.4.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.28 + src/sys/conf/newvers.sh 1.44.2.29.2.26 + src/contrib/cvs/lib/xsize.h 1.1.1.1.10.1 + src/contrib/cvs/src/commit.c 1.8.2.5.2.1 + src/contrib/cvs/src/cvs.h 1.11.2.6.2.1 + src/contrib/cvs/src/filesubr.c 1.6.2.4.2.1 + src/contrib/cvs/src/history.c 1.1.1.6.2.4.2.1 + src/contrib/cvs/src/modules.c 1.1.1.5.2.3.2.2 + src/contrib/cvs/src/server.c 1.13.2.5.2.3 + src/contrib/cvs/src/wrapper.c 1.1.1.7.2.3.2.1 + src/gnu/usr.bin/cvs/lib/config.h.proto 1.16.2.1.2.1 +RELENG_5_2 + src/UPDATING 1.282.2.18 + src/sys/conf/newvers.sh 1.56.2.17 + src/contrib/cvs/lib/xsize.h 1.1.1.1.12.1 + src/contrib/cvs/src/commit.c 1.13.4.1 + src/contrib/cvs/src/cvs.h 1.17.4.1 + src/contrib/cvs/src/filesubr.c 1.10.6.1 + src/contrib/cvs/src/history.c 1.1.1.10.6.1 + src/contrib/cvs/src/modules.c 1.1.1.8.6.3 + src/contrib/cvs/src/server.c 1.19.4.4 + src/contrib/cvs/src/wrapper.c 1.1.1.10.6.1 + src/gnu/usr.bin/cvs/lib/config.h.proto 1.17.2.1 +- ------------------------------------------------------------------------- + +VII. References + +<URL: http://security.e-matters.de/advisories/092004.html > +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.5 (FreeBSD) + +iD8DBQFBTterFdaIBMps37IRAlkjAJ9jZ40PME0gr8b6DyS+h6zVHCxGTgCfdJN/ +JiKgPD2YDy378kBO3hYd8Ao= +=qzxJ +-----END PGP SIGNATURE----- |