diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-04:16.fetch.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-04:16.fetch.asc | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SA-04:16.fetch.asc b/share/security/advisories/FreeBSD-SA-04:16.fetch.asc new file mode 100644 index 0000000000..96c9fe53c4 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:16.fetch.asc @@ -0,0 +1,158 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:16.fetch Security Advisory + The FreeBSD Project + +Topic: Overflow error in fetch + +Category: core +Module: fetch +Announced: 2004-11-18 +Credits: Colin Percival +Affects: All FreeBSD versions. +Corrected: 2004-11-18 12:02:13 UTC (RELENG_5, 5.3-STABLE) + 2004-11-18 12:03:05 UTC (RELENG_5_3, 5.3-RELEASE-p1) + 2004-11-18 12:04:29 UTC (RELENG_5_2, 5.2.1-RELEASE-p12) + 2004-11-18 12:05:36 UTC (RELENG_5_1, 5.1-RELEASE-p18) + 2004-11-18 12:05:50 UTC (RELENG_5_0, 5.0-RELEASE-p22) + 2004-11-18 12:02:29 UTC (RELENG_4, 4.10-STABLE) + 2004-11-18 12:06:06 UTC (RELENG_4_10, 4.10-RELEASE-p4) + 2004-11-18 12:06:22 UTC (RELENG_4_9, 4.9-RELEASE-p13) + 2004-11-18 12:06:36 UTC (RELENG_4_8, 4.8-RELEASE-p26) + 2004-11-18 12:06:52 UTC (RELENG_4_7, 4.7-RELEASE-p28) +CVE Name: CAN-2004-1053 +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +<URL:http://www.freebsd.org/security/>. + +0. Revision History + +v1.0 2004-11-18 Initial release. +v1.1 2004-11-20 Added missing CVE name; removed empty references section. + +I. Background + +The fetch(1) utility is a tool for fetching files via FTP, HTTP, and HTTPS. + +II. Problem Description + +An integer overflow condition in the processing of HTTP headers can result +in a buffer overflow. + +III. Impact + +A malicious server or CGI script can respond to an HTTP or HTTPS request in +such a manner as to cause arbitrary portions of the client's memory to be +overwritten, allowing for arbitrary code execution. + +IV. Workaround + +There is no known workaround for the affected application, although +the ftp(1) application in the FreeBSD base system, and several +applications in the FreeBSD Ports collection provide similar +functionality and could be used in place of fetch(1). + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch dated +after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8, 4.10, +5.2, and 5.3 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# ftp ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:16/fetch.patch +# ftp ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:16/fetch.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.bin/fetch +# make obj && make depend && make && make install + +3) IMPORTANT NOTE to users of FreeBSD Update: + +FreeBSD Update (security/freebsd-update in the FreeBSD Ports collection) +is a binary security update system for the FreeBSD base system. It is +not supported or endorsed by the FreeBSD Security team, but its author +has requested that the following note be included in this advisory: + + FreeBSD Update uses the fetch(1) utility for downloading security + updates to the FreeBSD base system. While these updates are + cryptographically signed, and FreeBSD Update is therefore immune from + most attacks, it is exposed to this vulnerability since the files + must be fetched before their integrity can be verified. + + As a workaround, FreeBSD Update can be made to use the ftp(1) utility + for downloading updates as follows: + + # sed -i.bak -e 's/fetch -qo/ftp -o/' /usr/local/sbin/freebsd-update + # freebsd-update fetch + # mv /usr/local/sbin/freebsd-update.bak /usr/local/sbin/freebsd-update + # freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/usr.bin/fetch/fetch.c 1.10.2.28 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.5 + src/sys/conf/newvers.sh 1.44.2.34.2.6 + src/usr.bin/fetch/fetch.c 1.10.2.23.2.1 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.14 + src/sys/conf/newvers.sh 1.44.2.32.2.14 + src/usr.bin/fetch/fetch.c 1.10.2.21.2.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.29 + src/sys/conf/newvers.sh 1.44.2.29.2.27 + src/usr.bin/fetch/fetch.c 1.10.2.20.2.1 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.32 + src/sys/conf/newvers.sh 1.44.2.26.2.30 + src/usr.bin/fetch/fetch.c 1.10.2.18.2.1 +RELENG_5 + src/usr.bin/fetch/fetch.c 1.72.2.2 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.4 + src/sys/conf/newvers.sh 1.62.2.15.2.6 + src/usr.bin/fetch/fetch.c 1.72.2.1.2.1 +RELENG_5_2 + src/UPDATING 1.282.2.20 + src/sys/conf/newvers.sh 1.56.2.19 + src/usr.bin/fetch/fetch.c 1.62.4.1 +RELENG_5_1 + src/UPDATING 1.251.2.20 + src/sys/conf/newvers.sh 1.50.2.20 + src/usr.bin/fetch/fetch.c 1.62.2.1 +RELENG_5_0 + src/UPDATING 1.229.2.28 + src/sys/conf/newvers.sh 1.48.2.23 + src/usr.bin/fetch/fetch.c 1.58.2.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.6 (FreeBSD) + +iD8DBQFBn6qYFdaIBMps37IRAkOZAJ4+DJtAK+I8lEvskiiFH10UOQHTUACfVn46 +g/AoLZ0r9AI8zW/trV2RRO8= +=HXQL +-----END PGP SIGNATURE----- |