diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-05:06.iir.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-05:06.iir.asc | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SA-05:06.iir.asc b/share/security/advisories/FreeBSD-SA-05:06.iir.asc new file mode 100644 index 0000000000..a0b793fb00 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:06.iir.asc @@ -0,0 +1,138 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:06.iir Security Advisory + The FreeBSD Project + +Topic: Incorrect permissions on /dev/iir + +Category: core +Module: sys_dev +Announced: 2005-05-06 +Credits: Christian S.J. Peron + Andre Guibert de Bruet +Affects: All FreeBSD 4.x releases since 4.6-RELEASE + All FreeBSD 5.x releases prior to 5.4-RELEASE +Corrected: 2005-05-06 02:33:46 UTC (RELENG_5, 5.4-STABLE) + 2005-05-06 02:34:18 UTC (RELENG_5_4, 5.4-RELEASE) + 2005-05-06 02:34:01 UTC (RELENG_5_3, 5.3-RELEASE-p11) + 2005-05-06 02:32:54 UTC (RELENG_4, 4.11-STABLE) + 2005-05-06 02:33:28 UTC (RELENG_4_11, 4.11-RELEASE-p5) + 2005-05-06 02:33:12 UTC (RELENG_4_10, 4.10-RELEASE-p10) +CVE Name: CAN-2005-1399 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +<URL:http://www.freebsd.org/security/>. + +0. Revision History + +v1.0 2005-05-06 Initial release. +v1.1 2005-05-07 Updated credits to include Andre Guibert de Bruet, who + was inadvertantly omitted from the original advisory. + +I. Background + +The iir(4) driver provides support for the Intel Integrated RAID +controllers and ICP Vortex RAID controllers. + +II. Problem Description + +The default permissions on the /dev/iir device node allow unprivileged +local users to open the device and execute ioctl calls. + +III. Impact + +Unprivileged local users can send commands to the hardware supported by +the iir(4) driver, allowing destruction of data and possible disclosure +of data. + +IV. Workaround + +Systems without hardware supported by the iir(4) driver are not affected +by this issue. On systems which are affected, as a workaround, the +permissions on /dev/iir can be changed manually. + +As root, execute the following command: + +# chmod 0600 /dev/iir* + +On 5.x, the following commands are also needed to ensure that the +correct permissions are used after rebooting. + +# echo 'perm iir* 0600' >> /etc/devfs.conf +# echo 'devfs_enable="YES"' >> /etc/rc.conf + +If the administrator has created additional device nodes, or mounted +additional instances of devfs(5) elsewhere in the file system name +space, attention should be paid to ensure that either the iir device +node is not visible in those name spaces, or is similarly protected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after +the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, and 5.3 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/dev/iir/iir_ctrl.c 1.2.2.5 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.6 + src/sys/conf/newvers.sh 1.44.2.39.2.9 + src/sys/dev/iir/iir_ctrl.c 1.2.2.4.12.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.11 + src/sys/conf/newvers.sh 1.44.2.34.2.12 + src/sys/dev/iir/iir_ctrl.c 1.2.2.4.10.1 +RELENG_5 + src/sys/dev/iir/iir_ctrl.c 1.15.2.2 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.5 + src/sys/dev/iir/iir_ctrl.c 1.15.2.1.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.14 + src/sys/conf/newvers.sh 1.62.2.15.2.16 + src/sys/dev/iir/iir_ctrl.c 1.15.4.1 +- ------------------------------------------------------------------------- + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCfEXyFdaIBMps37IRAu6WAJ9qBjsIfH7GGPRiHsvXwlkuau5kswCfXhan +YhoUBZ4gHuIXJFM1gOEAyVk= +=zRAR +-----END PGP SIGNATURE----- |