aboutsummaryrefslogtreecommitdiff
path: root/share/security/advisories/FreeBSD-SA-10:07.mbuf.asc
diff options
context:
space:
mode:
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-10:07.mbuf.asc')
-rw-r--r--share/security/advisories/FreeBSD-SA-10:07.mbuf.asc156
1 files changed, 0 insertions, 156 deletions
diff --git a/share/security/advisories/FreeBSD-SA-10:07.mbuf.asc b/share/security/advisories/FreeBSD-SA-10:07.mbuf.asc
deleted file mode 100644
index ed29c55bbe..0000000000
--- a/share/security/advisories/FreeBSD-SA-10:07.mbuf.asc
+++ /dev/null
@@ -1,156 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-=============================================================================
-FreeBSD-SA-10:07.mbuf Security Advisory
- The FreeBSD Project
-
-Topic: Lost mbuf flag resulting in data corruption
-
-Category: core
-Module: kern
-Announced: 2010-07-13
-Credits: Ming Fu
-Affects: FreeBSD 7.x and later.
-Corrected: 2010-07-13 02:45:17 UTC (RELENG_8, 8.1-PRERELEASE)
- 2010-07-13 02:45:17 UTC (RELENG_8_1, 8.1-RELEASE)
- 2010-07-13 02:45:17 UTC (RELENG_8_0, 8.0-RELEASE-p4)
- 2010-07-13 02:45:17 UTC (RELENG_7, 7.3-STABLE)
- 2010-07-13 02:45:17 UTC (RELENG_7_3, 7.3-RELEASE-p2)
- 2010-07-13 02:45:17 UTC (RELENG_7_1, 7.1-RELEASE-p13)
-CVE Name: CVE-2010-2693
-
-For general information regarding FreeBSD Security Advisories,
-including descriptions of the fields above, security branches, and the
-following sections, please visit <URL:http://security.FreeBSD.org/>.
-
-I. Background
-
-An mbuf is a basic unit of memory management in the FreeBSD kernel
-inter-process communication and networking subsystem. Network packets
-and socket buffers are dependent on mbufs for their storage.
-
-Data can be embedded directly in mbufs, or mbufs can instead reference
-external buffers. The sendfile(2) system call uses external mbuf storage
-to directly map the contents of a file into a chain of mbufs for
-transmission purposes. The mbuf object supports a read-only flag that
-must be honored to prevent modification or writes to buffer data in
-cases like these.
-
-II. Problem Description
-
-The read-only flag is not correctly copied when a mbuf buffer reference
-is duplicated. When the sendfile(2) system call is used to transmit
-data over the loopback interface, this can result in the backing pages
-for the transmitted file being modified, causing data corruption.
-
-III. Impact
-
-This data corruption can be exploited by an local attacker to escalate
-their privilege by carefully controlling the corruption of system files.
-It should be noted that the attacker can corrupt any file they have read
-access to.
-
-NOTE: While systems without untrusted local users are not affected by
-the security aspects of this issue, the potential for data corruption
-implies that this should still be treated as a critical erratum.
-
-IV. Workaround
-
-No workaround is available.
-
-V. Solution
-
-Perform one of the following:
-
-1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the
-RELENG_8_1, RELENG_8_0, RELENG_7_3, or RELENG_7_1 security branch dated
-after the correction date.
-
-2) To update your vulnerable system via a source code patch:
-
-The following patches have been verified to apply to FreeBSD 7.1, 7.3,
-8.0 and 8.1 systems.
-
-a) Download the relevant patch from the location below, and verify the
-detached PGP signature using your PGP utility.
-
-# fetch http://security.FreeBSD.org/patches/SA-10:07/mbuf.patch
-# fetch http://security.FreeBSD.org/patches/SA-10:07/mbuf.patch.asc
-
-b) Apply the patch.
-
-# cd /usr/src
-# patch < /path/to/patch
-
-c) Recompile your kernel as described in
-<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
-system.
-
-3) To update your vulnerable system via a binary patch:
-
-Systems running 7.1-RELEASE, 7.3-RELEASE, or 8.0-RELEASE on the i386 or
-amd64 platforms can be updated via the freebsd-update(8) utility:
-
-# freebsd-update fetch
-# freebsd-update install
-
-Now reboot the system.
-
-VI. Correction details
-
-The following list contains the revision numbers of each file that was
-corrected in FreeBSD.
-
-CVS:
-
-Branch Revision
- Path
-- -------------------------------------------------------------------------
-RELENG_7
- src/sys/kern/uipc_mbuf.c 1.174.2.4
-RELENG_7_3
- src/UPDATING 1.507.2.34.2.4
- src/sys/conf/newvers.sh 1.72.2.16.2.6
- src/sys/kern/uipc_mbuf.c 1.174.2.3.4.2
-RELENG_7_1
- src/UPDATING 1.507.2.13.2.16
- src/sys/conf/newvers.sh 1.72.2.9.2.17
- src/sys/kern/uipc_mbuf.c 1.174.2.2.2.2
-RELENG_8
- src/sys/kern/uipc_mbuf.c 1.185.2.3
-RELENG_8_1
- src/UPDATING 1.632.2.14.2.2
- src/sys/conf/newvers.sh 1.83.2.10.2.4
- src/sys/kern/uipc_mbuf.c 1.185.2.2.2.2
-RELENG_8_0
- src/UPDATING 1.632.2.7.2.7
- src/sys/conf/newvers.sh 1.83.2.6.2.7
- src/sys/kern/uipc_mbuf.c 1.185.2.1.2.2
-- -------------------------------------------------------------------------
-
-Subversion:
-
-Branch/path Revision
-- -------------------------------------------------------------------------
-stable/7/ r209964
-releng/7.3/ r209964
-releng/7.1/ r209964
-stable/8/ r209964
-releng/8.0/ r209964
-releng/8.1/ r209964
-- -------------------------------------------------------------------------
-
-VII. References
-
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2693
-
-The latest revision of this advisory is available at
-http://security.FreeBSD.org/advisories/FreeBSD-SA-10:07.mbuf.asc
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.10 (FreeBSD)
-
-iEYEARECAAYFAkw71A0ACgkQFdaIBMps37JOOACff8w8qvsgopj11FFAPQdwyPLB
-JEQAniRHbomY2hJVw5FmrdQv3SP+ZziI
-=Reds
------END PGP SIGNATURE-----