[olug] Fw: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-04:06.ipv6

Brian Roberson roberson at olug.org
Mon Mar 29 17:34:35 UTC 2004 

----- Original Message ----- 
From: "FreeBSD Security Advisories" <security-advisories at freebsd.org>
To: "FreeBSD Security Advisories" <security-advisories at freebsd.org>
Sent: Monday, March 29, 2004 8:15 AM
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-04:06.ipv6


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
============================================================================
=
> FreeBSD-SA-04:06.ipv6                                       Security
Advisory
>                                                           The FreeBSD
Project
>
> Topic:          setsockopt(2) IPv6 sockets input validation error
>
> Category:       core
> Module:         kernel
> Announced:      2004-03-29
> Credits:        Katsuhisa ABE, Colin Percival
> Affects:        FreeBSD 5.2-RELEASE
> Corrected:      2004-03-29 14:01:33 UTC (RELENG_5_2, 5.2.1-RELEASE-p4)
> CVE Name:       CAN-2004-0370
> FreeBSD only:   YES
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit
> <URL:http://www.freebsd.org/security/>.
>
> I.   Background
>
> IPv6 is a new Internet Protocol, designed to replace (and avoid many of
> the problems with) the current Internet Protocol (version 4).  FreeBSD
> uses the KAME Project IPv6 implementation.
>
> Applications may manipulate the behavior of an IPv6 socket using the
> setsockopt(2) system call.
>
> II.  Problem Description
>
> A programming error in the handling of some IPv6 socket options within
> the setsockopt(2) system call may result in memory locations being
> accessed without proper validation.  While the problem originates in
> code from the KAME Project, it does not affect other operating systems.
>
> III. Impact
>
> It may be possible for a local attacker to read portions of kernel
> memory, resulting in disclosure of sensitive information.  A local
> attacker can cause a system panic.
>
> IV.  Workaround
>
> Do one of the following:
>
> 1) Disable IPv6 entirely by following these steps:
>
>    - Remove or comment out any lines mentioning `INET6' from your
>      kernel configuration file, and recompile your kernel as described
>      in <URL:http://www.freebsd.org/handbook/kernelconfig.html>.
>
>    - Reboot your system.
>
> 2) If all untrusted users are confined within a jail(8), ensure that
> the security.jail.socket_unixiproute_only sysctl is set to 1 and
> verify that no IPv6 sockets are currently open:
>
> # sysctl security.jail.socket_unixiproute_only=1
> # sockstat -6
>
> This will restrict jailed processes to creating UNIX domain, IPv4, and
> routing sockets, which are not vulnerable to this problem; note however
> that processes inside a jail may still be able to inherit IPv6 sockets
> from outside the jail, so this may not be sufficient for all systems.
>
> V.   Solution
>
> Do one of the following:
>
> 1) Upgrade your vulnerable system to the RELENG_5_2 security branch
> dated after the correction date.
>
> 2) To patch your present system:
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:06/ipv6.patch
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:06/ipv6.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile the kernel as described in
> <URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
> system.
>
> d) Install updated kernel headers.
>
> # cd /usr/src/include
> # make install
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Branch                                                           Revision
>   Path
> - ------------------------------------------------------------------------
-
> RELENG_5_2
>   src/UPDATING                                                 1.282.2.12
>   src/sys/netinet6/ip6_output.c                                  1.71.2.2
>   src/sys/netinet/ip6.h                                          1.10.2.1
>   src/sys/conf/newvers.sh                                       1.56.2.11
> - ------------------------------------------------------------------------
-
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (FreeBSD)
>
> iD8DBQFAaC6kFdaIBMps37IRAiCBAJ9ATb8FTKysuJvwlU8E0YOArWwP1gCcCCpw
> rK7VXiZuLwD1zZmBepSHCt4=
> =FLqJ
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-announce at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-announce
> To unsubscribe, send any mail to
"freebsd-announce-unsubscribe at freebsd.org"
>

More information about the OLUG mailing list