diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc | 132 |
1 files changed, 0 insertions, 132 deletions
diff --git a/share/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc b/share/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc deleted file mode 100644 index 24a12489dc..0000000000 --- a/share/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc +++ /dev/null @@ -1,132 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -============================================================================= -FreeBSD-SA-20:05.if_oce_ioctl Security Advisory - The FreeBSD Project - -Topic: Insufficient oce(4) ioctl(2) privilege checking - -Category: core -Module: oce(4) -Announced: 2020-03-19 -Credits: Ilja Van Sprundel -Affects: All supported versions of FreeBSD. -Corrected: 2019-12-26 16:56:42 UTC (stable/12, 12.1-STABLE) - 2020-03-19 16:48:29 UTC (releng/12.1, 12.1-RELEASE-p3) - 2019-12-26 16:58:11 UTC (stable/11, 11.3-STABLE) - 2020-03-19 16:48:29 UTC (releng/11.3, 11.3-RELEASE-p7) -CVE Name: CVE-2019-15876 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:https://security.FreeBSD.org/>. - -I. Background - -The primary interface used for network driver configuration is ioctl(2). -Several ioctl(2) commands are reserved for driver-specific purposes. For -instance, a driver may use one of these ioctls to implement an interface for -updating device firmware. - -II. Problem Description - -The driver-specific ioctl(2) command handlers in oce(4) failed to check -whether the caller has sufficient privileges to perform the corresponding -operation. - -III. Impact - -The oce(4) handler permits unprivileged users to send passthrough commands to -device firmware. - -IV. Workaround - -No workaround is available. Systems that do not contain devices driven by -oce(4) are unaffected. - -V. Solution - -Upgrade your vulnerable system to a supported FreeBSD stable or -release / security branch (releng) dated after the correction date, -and reboot. - -Perform one of the following: - -1) To update your vulnerable system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install -# shutdown -r +10min "Rebooting for a security update" - -2) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch https://security.FreeBSD.org/patches/SA-20:05/if_oce_ioctl.patch -# fetch https://security.FreeBSD.org/patches/SA-20:05/if_oce_ioctl.patch.asc -# gpg --verify if_oce_ioctl.patch.asc - -b) Apply the patch. Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile your kernel as described in -<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the -system. - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/12/ r356089 -releng/12.1/ r359139 -stable/11/ r356090 -releng/11.3/ r359139 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15876> - -The latest revision of this advisory is available at -<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc> ------BEGIN PGP SIGNATURE----- - -iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zplhfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD -MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n -5cJAuBAAnsnjdm2aTLo14rOiNHTNh0NqJPQTJ5F6MwE1P/nUlP5xM21GzDkyki7H -4AytZiCma6MCPzbc8aO6wGnc5zfSA1G/5TLetIgIQeyDQ8wRd0uhIoeO3NB3EXhz -KJkNqtyosmzKUSmq7V/WqYN7VOVceegvbvLXCMTYFkUmvJxYbB67s0upqydFBAD4 -j1ecKkNOIehV6cGColM3Dv7sJtVgdvaKg2ehW+AWR7UBOntIr/X3mVpkUE5Y2oLX -tpjuEbdraOpIw/ohKfvpZNPXnEFmhgxrRV4WRw8yFeMsEtLI2HyyUV4ysZrgMKB+ -LKxdhfd7HhIiGdoRZO4P60traRiRD+VfqU9Jt3xd9fO1t0MZYTS0R0Lqt9n3UPhR -26YcyrJgElaHIz8Viiw1U7Pdxila7b7gL+V4QVNSG00OqCKkdepgURRepzaz8Zhd -lrfLf+9vysPIL6RsJwDb77qYbu9kK/afGmadBVot6QGg6ovWVLUGd0pQFJuLihZl -YRocdxDO0lgF+w6llmp6ZidEjaScL7XG3yKG1DuoSa0tS+0eQU2U2hByJDzzzkTn -x7t7WU8o5gSRYDe68yuJHXiHWswA4IK+tkYf+h8fDhENDbt7PCo86Vq0Dixg3hoG -ak/KfomAAsnh6MfWNRlCWDXbe0p/yxYLPRHugDdrZ2IpX+uJWHs= -=pADZ ------END PGP SIGNATURE----- |