diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-11:01.mountd.asc')
| -rw-r--r-- | share/security/advisories/FreeBSD-SA-11:01.mountd.asc | 150 |
1 files changed, 0 insertions, 150 deletions
diff --git a/share/security/advisories/FreeBSD-SA-11:01.mountd.asc b/share/security/advisories/FreeBSD-SA-11:01.mountd.asc deleted file mode 100644 index d4ca759c0e..0000000000 --- a/share/security/advisories/FreeBSD-SA-11:01.mountd.asc +++ /dev/null @@ -1,150 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SA-11:01.mountd Security Advisory - The FreeBSD Project - -Topic: Network ACL mishandling in mountd(8) - -Category: core -Module: mountd -Announced: 2011-04-20 -Credits: Ruslan Ermilov -Affects: All supported versions of FreeBSD -Corrected: 2011-04-20 21:00:24 UTC (RELENG_7, 7.4-STABLE) - 2011-04-20 21:00:24 UTC (RELENG_7_3, 7.3-RELEASE-p5) - 2011-04-20 21:00:24 UTC (RELENG_7_4, 7.4-RELEASE-p1) - 2011-04-20 21:00:24 UTC (RELENG_8, 8.2-STABLE) - 2011-04-20 21:00:24 UTC (RELENG_8_1, 8.1-RELEASE-p3) - 2011-04-20 21:00:24 UTC (RELENG_8_2, 8.2-RELEASE-p1) -CVE Name: CVE-2011-1739 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:http://security.FreeBSD.org/>. - -I. Background - -The mountd(8) daemon services NFS mount requests from other client -machines. When mountd is started, it loads the export host addresses -and options into the kernel using the mount(2) system call. - -II. Problem Description - -While parsing the exports(5) table, a network mask in the form of -"-network=netname/prefixlength" results in an incorrect network mask -being computed if the prefix length is not a multiple of 8. - -For example, specifying the ACL for an export as "-network 192.0.2.0/23" -would result in a netmask of 255.255.127.0 being used instead of the -correct netmask of 255.255.254.0. - -III. Impact - -When using a prefix length which is not multiple of 8, access would be -granted to the wrong client systems. - -IV. Workaround - -For IPv4-only systems, using the -netmask option instead of CIDR notion -for -network circumvents this bug. - -A firewall such as pf(4) can (and probably should) be used to restrict -access to the NFS server. - -Systems not providing NFS service, or using a prefix length which is a -multiple of 8 in all ACLs, are not affected. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the -RELENG_8_2, RELENG_8_1, RELENG_7_4, RELENG_7_3 security branch dated -after the correction date. - -2) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to FreeBSD 7.3, 7.4, -8.1 and 8.2 systems. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch http://security.FreeBSD.org/patches/SA-11:01/mountd.patch -# fetch http://security.FreeBSD.org/patches/SA-11:01/mountd.patch.asc - -b) Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch -# cd /usr/src/usr.sbin/mountd -# make obj && make depend && make && make install - -3) To update your vulnerable system via a binary patch: - -Systems running 7.3-RELEASE, 7.4-RELEASE, 8.1-RELEASE or 8.2-RELEASE on -the i386 or amd64 platforms can be updated via the freebsd-update(8) -utility: - -# freebsd-update fetch -# freebsd-update install - -VI. Correction details - -The following list contains the revision numbers of each file that was -corrected in FreeBSD. - -CVS: - -Branch Revision - Path -- ------------------------------------------------------------------------- -RELENG_7 - src/usr.sbin/mountd/mountd.c 1.94.2.3 -RELENG_7_4 - src/UPDATING 1.507.2.36.2.3 - src/sys/conf/newvers.sh 1.72.2.18.2.6 - src/usr.sbin/mountd/mountd.c 1.94.2.2.8.2 -RELENG_7_3 - src/UPDATING 1.507.2.34.2.7 - src/sys/conf/newvers.sh 1.72.2.16.2.9 - src/usr.sbin/mountd/mountd.c 1.94.2.2.6.2 -RELENG_8 - src/usr.sbin/mountd/mountd.c 1.105.2.3 -RELENG_8_2 - src/UPDATING 1.632.2.19.2.3 - src/sys/conf/newvers.sh 1.83.2.12.2.6 - src/usr.sbin/mountd/mountd.c 1.105.2.2.4.2 -RELENG_8_1 - src/UPDATING 1.632.2.14.2.6 - src/sys/conf/newvers.sh 1.83.2.10.2.7 - src/usr.sbin/mountd/mountd.c 1.105.2.2.2.2 -- ------------------------------------------------------------------------- - -Subversion: - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/7/ r220901 -releng/7.3/ r220901 -releng/7.4/ r220901 -stable/8/ r220901 -releng/8.1/ r220901 -releng/8.2/ r220901 -- ------------------------------------------------------------------------- - -VII. References - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1739 - -The latest revision of this advisory is available at -http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (FreeBSD) - -iEYEARECAAYFAk2vSjwACgkQFdaIBMps37J91ACfbj6PbStDVBISUx/jC8/3n0uS -+oUAnj9TdPvwezLnrej/XMahWlHQHK1N -=Hv1Y ------END PGP SIGNATURE----- |