diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-15:03.sctp.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-15:03.sctp.asc | 136 |
1 files changed, 0 insertions, 136 deletions
diff --git a/share/security/advisories/FreeBSD-SA-15:03.sctp.asc b/share/security/advisories/FreeBSD-SA-15:03.sctp.asc deleted file mode 100644 index 8820150cf0..0000000000 --- a/share/security/advisories/FreeBSD-SA-15:03.sctp.asc +++ /dev/null @@ -1,136 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -============================================================================= -FreeBSD-SA-15:03.sctp Security Advisory - The FreeBSD Project - -Topic: SCTP stream reset vulnerability - -Category: core -Module: sctp -Announced: 2015-01-27 -Credits: Gerasimos Dimitriadis -Affects: All supported versions of FreeBSD. -Corrected: 2015-01-27 19:36:08 UTC (stable/10, 10.1-STABLE) - 2015-01-27 19:37:02 UTC (releng/10.1, 10.1-RELEASE-p5) - 2015-01-27 19:37:02 UTC (releng/10.0, 10.0-RELEASE-p17) - 2015-01-27 19:36:08 UTC (stable/9, 9.3-STABLE) - 2015-01-27 19:37:02 UTC (releng/9.3, 9.3-RELEASE-p9) - 2015-01-27 19:36:08 UTC (stable/8, 8.4-STABLE) - 2015-01-27 19:37:02 UTC (releng/8.4, 8.4-RELEASE-p23) -CVE Name: CVE-2014-8613 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:https://security.FreeBSD.org/>. - -I. Background - -SCTP protocol provides reliable, flow-controlled, two-way transmission -of data. It is a message oriented protocol and can support the SOCK_STREAM -and SOCK_SEQPACKET abstractions. - -II. Problem Description - -The input validation of received SCTP RE_CONFIG chunks is insufficient, -and can result in a NULL pointer deference later. - -III. Impact - -A remote attacker who can send a malformed SCTP packet to a FreeBSD system -that serves SCTP can cause a kernel panic, resulting in a Denial of -Service. - -IV. Workaround - -On FreeBSD 10.1 or later systems, the system administrator can set -net.inet.sctp.reconfig_enable to 0 to disable processing of RE_CONFIG -chunks. This workaround is not available on earlier FreeBSD releases, -but systems that do not serve SCTP connections are not vulnerable. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to a supported FreeBSD stable or -release / security branch (releng) dated after the correction date. - -2) To update your vulnerable system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install - -3) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch https://security.FreeBSD.org/patches/SA-15:03/sctp.patch -# fetch https://security.FreeBSD.org/patches/SA-15:03/sctp.patch.asc -# gpg --verify sctp.patch.asc - -b) Apply the patch. Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile your kernel as described in -<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the -system. - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/8/ r277807 -releng/8.4/ r277808 -stable/9/ r277807 -releng/9.3/ r277808 -stable/10/ r277807 -releng/10.0/ r277808 -releng/10.1/ r277808 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8613> - -The latest revision of this advisory is available at -<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:03.sctp.asc> ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.1.1 (FreeBSD) - -iQIcBAEBCgAGBQJUx+qbAAoJEO1n7NZdz2rnR98QAOWIIf7+akuopMxuVnppZKub -DKCgVAJznitKoxnBtYMAOTcKdf65dQqaAgznAWBRo+USue5LIOI0jjgLuQgepoG6 -eIosPiRXqvMQL6Qqx8ydwM3xiVQd+b9pMiLkh3cfljr1Oh6OV+YSRXC+HBKZXaR6 -sn5kHRR7xFiwV/HsX4RoSik3qPbDl1x66jeN5jL0Wqg2qjCagK6OxGOtkIlt3pDj -QrYNX/l20hXmvPjRojSEPhY+52X29/nlQjfJg/pwpsmiZJe3cqmfsh1aceUOH1Tu -BOVxwE3oYWrJ8NZBa2cKReU1Sdvl1FxtlaXwkE+sRBzh1/vA7AZU6jWL7fEV1wv0 -2mZYLoCrSHfBongLMohs4DQ8CCnH3iEoUBRbG9HGwlAh4s9CAre87oIdHHFWRSsg -oIHxNDG+lk+yNJuOKfjDT+poyuYw7TlBfYN+ifO5UHPOEIH430FWF3B3P2oH4I/M -7VQRClaxaNiPfAJxa11IwHKWM12yrrM7483AuPqdd1r9OUnx33y1jPY0ByemXv9d -LE8jJXs0cdR7zCJuV9R8Uif9xkdGLTj9emsqjaS1KxSJrSzPJaah4nkWq8BRmMXK -3xOxlIM/cGJLU+/cliDy3CqHipU4pt+S4RuAB41xx2k5g9YiAMH178xrfOgrklSH -xKfAM/gz4YqESK5QPjqO -=859G ------END PGP SIGNATURE----- |