1 files changed, 138 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SA-05:06.iir.asc b/share/security/advisories/FreeBSD-SA-05:06.iir.asc
new file mode 100644
index 0000000000..a0b793fb00
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:06.iir.asc
@@ -0,0 +1,138 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:06.iir                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Incorrect permissions on /dev/iir
+
+Category:       core
+Module:         sys_dev
+Announced:      2005-05-06
+Credits:        Christian S.J. Peron
+                Andre Guibert de Bruet
+Affects:        All FreeBSD 4.x releases since 4.6-RELEASE
+                All FreeBSD 5.x releases prior to 5.4-RELEASE
+Corrected:      2005-05-06 02:33:46 UTC (RELENG_5, 5.4-STABLE)
+                2005-05-06 02:34:18 UTC (RELENG_5_4, 5.4-RELEASE)
+                2005-05-06 02:34:01 UTC (RELENG_5_3, 5.3-RELEASE-p11)
+                2005-05-06 02:32:54 UTC (RELENG_4, 4.11-STABLE)
+                2005-05-06 02:33:28 UTC (RELENG_4_11, 4.11-RELEASE-p5)
+                2005-05-06 02:33:12 UTC (RELENG_4_10, 4.10-RELEASE-p10)
+CVE Name:       CAN-2005-1399
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+0.   Revision History
+
+v1.0 2005-05-06  Initial release.
+v1.1 2005-05-07  Updated credits to include Andre Guibert de Bruet, who
+                 was inadvertantly omitted from the original advisory.
+
+I.   Background
+
+The iir(4) driver provides support for the Intel Integrated RAID
+controllers and ICP Vortex RAID controllers.
+
+II.  Problem Description
+
+The default permissions on the /dev/iir device node allow unprivileged
+local users to open the device and execute ioctl calls.
+
+III. Impact
+
+Unprivileged local users can send commands to the hardware supported by
+the iir(4) driver, allowing destruction of data and possible disclosure
+of data.
+
+IV.  Workaround
+
+Systems without hardware supported by the iir(4) driver are not affected
+by this issue.  On systems which are affected, as a workaround, the
+permissions on /dev/iir can be changed manually.
+
+As root, execute the following command:
+
+# chmod 0600 /dev/iir*
+
+On 5.x, the following commands are also needed to ensure that the
+correct permissions are used after rebooting.
+
+# echo 'perm iir* 0600' >> /etc/devfs.conf
+# echo 'devfs_enable="YES"' >> /etc/rc.conf
+
+If the administrator has created additional device nodes, or mounted
+additional instances of devfs(5) elsewhere in the file system name
+space, attention should be paid to ensure that either the iir device
+node is not visible in those name spaces, or is similarly protected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after
+the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, and 5.3 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/dev/iir/iir_ctrl.c                                      1.2.2.5
+RELENG_4_11
+  src/UPDATING                                              1.73.2.91.2.6
+  src/sys/conf/newvers.sh                                   1.44.2.39.2.9
+  src/sys/dev/iir/iir_ctrl.c                                 1.2.2.4.12.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.11
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.12
+  src/sys/dev/iir/iir_ctrl.c                                 1.2.2.4.10.1
+RELENG_5
+  src/sys/dev/iir/iir_ctrl.c                                     1.15.2.2
+RELENG_5_4
+  src/UPDATING                                             1.342.2.24.2.5
+  src/sys/dev/iir/iir_ctrl.c                                 1.15.2.1.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.14
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.16
+  src/sys/dev/iir/iir_ctrl.c                                     1.15.4.1
+- -------------------------------------------------------------------------
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCfEXyFdaIBMps37IRAu6WAJ9qBjsIfH7GGPRiHsvXwlkuau5kswCfXhan
+YhoUBZ4gHuIXJFM1gOEAyVk=
+=zRAR
+-----END PGP SIGNATURE-----