diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-05:04.ifconf.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-05:04.ifconf.asc | 124 |
1 files changed, 0 insertions, 124 deletions
diff --git a/share/security/advisories/FreeBSD-SA-05:04.ifconf.asc b/share/security/advisories/FreeBSD-SA-05:04.ifconf.asc deleted file mode 100644 index e32a03bcfc..0000000000 --- a/share/security/advisories/FreeBSD-SA-05:04.ifconf.asc +++ /dev/null @@ -1,124 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SA-05:04.ifconf Security Advisory - The FreeBSD Project - -Topic: Kernel memory disclosure in ifconf() - -Category: core -Module: sys_net -Announced: 2005-04-15 -Credits: Ilja van Sprundel -Affects: All FreeBSD 4.x releases - All FreeBSD 5.x releases prior to 5.4-RELEASE -Corrected: 2005-04-15 01:51:44 UTC (RELENG_5, 5.4-STABLE) - 2005-04-15 01:52:03 UTC (RELENG_5_4, 5.4-RELEASE) - 2005-04-15 01:52:25 UTC (RELENG_5_3, 5.3-RELEASE-p9) - 2005-04-15 01:52:40 UTC (RELENG_4, 4.11-STABLE) - 2005-04-15 01:52:57 UTC (RELENG_4_11, 4.11-RELEASE-p3) - 2005-04-15 01:53:14 UTC (RELENG_4_10, 4.10-RELEASE-p8) -CVE Name: CAN-2005-1126 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit -<URL:http://www.freebsd.org/security/>. - -I. Background - -The SIOCGIFCONF ioctl allows a user process to ask the kernel to produce -a list of the existing network interfaces and copy it into a buffer -provided by the user process. - -II. Problem Description - -In generating the list of network interfaces, the kernel writes into a -portion of a buffer without first zeroing it. As a result, the prior -contents of the buffer will be disclosed to the calling process. - -III. Impact - -Up to 12 bytes of kernel memory may be disclosed to the user process. -Such memory might contain sensitive information, such as portions of -the file cache or terminal buffers. This information might be directly -useful, or it might be leveraged to obtain elevated privileges in some -way. For example, a terminal buffer might include a user-entered -password. - -IV. Workaround - -No known workaround. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the -RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the -correction date. - -2) To patch your present system: - -The following patches have been verified to apply to FreeBSD 4.10, 4.11, -and 5.3 systems. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -[FreeBSD 4.x] -# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf4.patch -# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf4.patch.asc - -[FreeBSD 5.3] -# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf5.patch -# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf5.patch.asc - -b) Apply the patch. - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile your kernel as described in -<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the -system. - -VI. Correction details - -The following list contains the revision numbers of each file that was -corrected in FreeBSD. - -Branch Revision - Path -- ------------------------------------------------------------------------- -RELENG_4 - src/sys/net/if.c 1.85.2.29 -RELENG_4_11 - src/UPDATING 1.73.2.91.2.4 - src/sys/conf/newvers.sh 1.44.2.39.2.7 - src/sys/net/if.c 1.85.2.28.2.1 -RELENG_4_10 - src/UPDATING 1.73.2.90.2.9 - src/sys/conf/newvers.sh 1.44.2.34.2.10 - src/sys/net/if.c 1.85.2.25.2.1 -RELENG_5 - src/sys/net/if.c 1.199.2.15 -RELENG_5_4 - src/UPDATING 1.342.2.24.2.3 - src/sys/net/if.c 1.199.2.14.2.1 -RELENG_5_3 - src/UPDATING 1.342.2.13.2.12 - src/sys/conf/newvers.sh 1.62.2.15.2.14 - src/sys/net/if.c 1.199.2.7.2.3 -- ------------------------------------------------------------------------- - -The latest revision of this advisory is available at -ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (FreeBSD) - -iD8DBQFCdsQnFdaIBMps37IRAqv+AJ4iFgJn+lud8kW+IPTuDe/fRNaKWwCeIMwY -llpfOaeaHq82l+ndg0F3uUM= -=NwqA ------END PGP SIGNATURE----- |