diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-13:11.sendfile.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-13:11.sendfile.asc | 126 |
1 files changed, 0 insertions, 126 deletions
diff --git a/share/security/advisories/FreeBSD-SA-13:11.sendfile.asc b/share/security/advisories/FreeBSD-SA-13:11.sendfile.asc deleted file mode 100644 index 191e683c11..0000000000 --- a/share/security/advisories/FreeBSD-SA-13:11.sendfile.asc +++ /dev/null @@ -1,126 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SA-13:11.sendfile Security Advisory - The FreeBSD Project - -Topic: Kernel memory disclosure in sendfile(2) - -Category: core -Module: sendfile -Announced: 2013-09-10 -Credits: Ed Maste -Affects: FreeBSD 9.2-RC1 and 9.2-RC2 -Corrected: 2013-09-10 10:07:21 UTC (stable/9, 9.2-STABLE) - 2013-09-10 10:08:20 UTC (releng/9.2, 9.2-RC1-p2) - 2013-09-10 10:08:20 UTC (releng/9.2, 9.2-RC2-p2) -CVE Name: CVE-2013-5666 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:http://security.FreeBSD.org/>. - -I. Background - -The sendfile(2) system call allows a server application (such as an -HTTP or FTP server) to transmit the contents of a file over a network -connection without first copying it to application memory. High -performance servers such as Apache and ftpd use sendfile. - -II. Problem Description - -On affected systems, if the length passed to sendfile(2) is non-zero -and greater than the length of the file being transmitted, sendfile(2) -will pad the transmission up to the requested length or the next -pagesize boundary, whichever is smaller. - -The content of the additional bytes transmitted in this manner depends -on the underlying filesystem, but may potentially include information -useful to an attacker. - -III. Impact - -An unprivileged user with the ability to run arbitrary code may be -able to obtain arbitrary kernel memory contents. - -IV. Workaround - -No workaround is available. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to a supported FreeBSD stable or -release / security branch (releng) dated after the correction date. - -2) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -[FreeBSD 9.2-STABLE] -# fetch http://security.FreeBSD.org/patches/SA-13:11/sendfile-9.2-stable.patch -# fetch http://security.FreeBSD.org/patches/SA-13:11/sendfile-9.2-stable.patch.asc -# gpg --verify sendfile-9.2-stable.patch.asc - -[FreeBSD 9.2-RC1 and 9.2-RC2] -# fetch http://security.FreeBSD.org/patches/SA-13:11/sendfile-9.2-rc.patch -# fetch http://security.FreeBSD.org/patches/SA-13:11/sendfile-9.2-rc.patch.asc -# gpg --verify sendfile-9.2-rc.patch.asc - -b) Apply the patch. - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile your kernel as described in -<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the -system. - -3) To update your vulnerable system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/9/ r255443 -releng/9.2/ r255444 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5666> - -The latest revision of this advisory is available at -<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-13:11.sendfile.asc> ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.14 (FreeBSD) - -iEYEARECAAYFAlIu8rIACgkQFdaIBMps37K01ACgmwaW3PZhjDqWSlTHusjIPNVy -A/YAn3DFUAvlX8sH89taM+sedjbD5In8 -=gZwu ------END PGP SIGNATURE----- |