Re: [Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2093 - 36 msgs

[Danny <daygl0 () ns sympatico ca>]

There is a security update, I just noticed it.

<x-tad-smaller> Security Update 2004-12-02 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:

Apache 
AppKit 
HIToolbox 
Kerberos 
Postfix 
PSNormalizer 
Safari 
Terminal 


For detailed information on this Update, please visit this website: </x-tad-smaller><x-tad-smaller>http://www.info.apple.com/kbnum/n61798</x-tad-smaller><x-tad-smaller> </x-tad-smaller>

On 2-Dec-04, at 3:32 PM, Randall Craig wrote:

> On Thu, 2 Dec 2004 10:58:02 -0600, Randall Craig <rgcraig () gmail com> wrote:
> Ok I am super duper new to this list and also new to *nix... i will
> never go back to M$ ceptin for gaming purposes... I am running on OS
> X.3.3 and was wanting to know if the Security Alert pertaining to
> FreeBSD would also affect my system. I know that BSD is running
> underneath OS X... I am fairly sure that Apple is aware of it by
> now-.
> thnx
>
> n0 r3m0r53
>
> ###############
>
> FreeBSD-SA-04:17.procfs                                     Security Advisory
>                                                          The FreeBSD Project
>
> Topic:          Kernel memory disclosure in procfs and linprocfs
>
> Category:       core
> Module:         sys
> Announced:      2004-12-01
> Credits:        Bryan Fulton, Ted Unangst, and the SWAT analysis tool
>                Coverity, Inc.
> Affects:        All FreeBSD releases
> Corrected:      2004-12-01 21:33:35 UTC (RELENG_5, 5.3-STABLE)
>                2004-12-01 21:34:23 UTC (RELENG_5_3, 5.3-RELEASE-p2)
>                2004-12-01 21:34:43 UTC (RELENG_5_2, 5.2.1-RELEASE-p13)
>                2004-12-01 21:33:57 UTC (RELENG_4, 4.10-STABLE)
>                2004-12-01 21:35:10 UTC (RELENG_4_10, 4.10-RELEASE-p5)
>                2004-12-01 21:35:57 UTC (RELENG_4_8, 4.8-RELEASE-p27)
> CVE Name:       CAN-2004-1066
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit
> <URL:http://www.freebsd.org/security/>.
>
> I.   Background
>
> The process file system, procfs(5), implements a view of the system
> process table inside the file system.  It is normally mounted on
> /proc, and is required for the complete operation of programs such as
> ps(1) and w(1).
>
> The Linux process file system, linprocfs(5), emulates a subset of
> Linux's process file system and is required for the complete operation
> of some Linux binaries.
>
> II.  Problem Description
>
> The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5)
> file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline
> pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process'
> argument vector from the process address space.  During this operation,
> a pointer was dereferenced directly without the necessary validation
> steps being performed.
>
> III. Impact
>
> A malicious local user could perform a local denial of service attack by
> causing a system panic; or he could read parts of kernel memory.  Such
> memory might contain sensitive information, such as portions of the file
> cache or terminal buffers.  This information might be directly useful, or
> it might be leveraged to obtain elevated privileges in some way.  For
> example, a terminal buffer might contain a user-entered password.
>
> FreeBSD 4.x does not implement the /proc/self/cmdline pseudofile in
> its linprocfs(5) file system, and is therefore only affected if the
> procfs(5) file system is mounted.
>
> In its default configuration, FreeBSD 5.x does not utilize procfs(5)
> or linprocfs(5) and will therefore be unaffected by this vulnerability
> unless the configuration is changed.
>
> IV.  Workaround
>
> Unmount the procfs and linprocfs file systems if they are mounted.
> Execute the following command as root:
>
>  umount -A -t procfs,linprocfs
>
> Also, remove or comment out any lines in fstab(5) that reference
> `procfs' or `linprocfs', so that they will not be re-mounted at next
> reboot.
>
> V.   Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
> RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch dated
> after the correction date.
>
> 2) To patch your present system:
>
> The following patches have been verified to apply to FreeBSD 4.8, 4.10,
> 5.2, and 5.3 systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD 4.x]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs4.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs4.patch.asc
>
> [FreeBSD 5.x]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs5.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs5.patch.asc
>
> b) Apply the patch.
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> <URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
> system.
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Branch                                                           Revision
>  Path
> - -------------------------------------------------------------------------
> RELENG_4
>  src/sys/miscfs/procfs/procfs_status.c                          1.20.2.6
> RELENG_4_10
>  src/UPDATING                                              1.73.2.90.2.6
>  src/sys/conf/newvers.sh                                   1.44.2.34.2.7
>  src/sys/miscfs/procfs/procfs_status.c                      1.20.2.5.4.1
> RELENG_4_8
>  src/UPDATING                                             1.73.2.80.2.30
>  src/sys/conf/newvers.sh                                  1.44.2.29.2.28
>  src/sys/miscfs/procfs/procfs_status.c                      1.20.2.4.8.2
> RELENG_5
>  src/sys/compat/linprocfs/linprocfs.c                           1.84.2.1
>  src/sys/fs/procfs/procfs_status.c                              1.52.2.1
> RELENG_5_3
>  src/UPDATING                                             1.342.2.13.2.5
>  src/sys/compat/linprocfs/linprocfs.c                           1.84.4.1
>  src/sys/conf/newvers.sh                                   1.62.2.15.2.7
>  src/sys/fs/procfs/procfs_status.c                              1.52.4.1
> RELENG_5_2
>  src/UPDATING                                                 1.282.2.21
>  src/sys/compat/linprocfs/linprocfs.c                           1.78.2.1
>  src/sys/conf/newvers.sh                                       1.56.2.20
>  src/sys/fs/procfs/procfs_status.c                              1.49.2.1
>
>
> ###############
> -- 
>
>
> R__|____||    C____
> |
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html