FreeBSD Security Advisory FreeBSD-SA-13:02.libc

Jason Hellenthal jhellenthal at DataIX.net
Tue Feb 19 18:54:21 UTC 2013


No running daemons with listening ports effected that could trigger it?

-- 
 Jason Hellenthal
 JJH48-ARIN
 - (2^(N-1))


On Feb 19, 2013, at 10:48, "Philip M. Gollucci" <pgollucci at p6m7g8.com> wrote:

> This is an internal only vuln with local user account.  I see no need to
> rush this one.  We'll pick it up at a later date.
> 
> 
> On Tue, Feb 19, 2013 at 9:04 AM, FreeBSD Security Advisories <
> security-advisories at freebsd.org> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> 
>> =============================================================================
>> FreeBSD-SA-13:02.libc                                       Security
>> Advisory
>>                                                          The FreeBSD
>> Project
>> 
>> Topic:          glob(3) related resource exhaustion
>> 
>> Category:       core
>> Module:         libc
>> Announced:      2013-02-19
>> Affects:        All supported versions of FreeBSD.
>> Corrected:      2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE)
>>                2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12)
>>                2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE)
>>                2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6)
>>                2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE)
>>                2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6)
>>                2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1)
>> CVE Name:       CVE-2010-2632
>> 
>> For general information regarding FreeBSD Security Advisories,
>> including descriptions of the fields above, security branches, and the
>> following sections, please visit <URL:http://security.FreeBSD.org/>.
>> 
>> I.   Background
>> 
>> The glob(3) function is a pathname generator that implements the rules for
>> file name pattern matching used by the shell.
>> 
>> II.  Problem Description
>> 
>> GLOB_LIMIT is supposed to limit the number of paths to prevent against
>> memory or CPU attacks.  The implementation however is insufficient.
>> 
>> III. Impact
>> 
>> An attacker that is able to exploit this vulnerability could cause
>> excessive
>> memory or CPU usage, resulting in a Denial of Service.  A common target for
>> a remote attacker could be ftpd(8).
>> 
>> IV.  Workaround
>> 
>> No workaround is available.
>> 
>> V.   Solution
>> 
>> Perform one of the following:
>> 
>> 1) Upgrade your vulnerable system to a supported FreeBSD stable or
>> release / security branch (releng) dated after the correction date.
>> 
>> 2) To update your vulnerable system via a source code patch:
>> 
>> The following patches have been verified to apply to the applicable
>> FreeBSD release branches.
>> 
>> a) Download the relevant patch from the location below, and verify the
>> detached PGP signature using your PGP utility.
>> 
>> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch
>> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc
>> # gpg --verify libc.patch.asc
>> 
>> b) Execute the following commands as root:
>> 
>> # cd /usr/src
>> # patch < /path/to/patch
>> 
>> Recompile the operating system using buildworld and installworld as
>> described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
>> 
>> Restart all daemons, or reboot the system.
>> 
>> 3) To update your vulnerable system via a binary patch:
>> 
>> Systems running a RELEASE version of FreeBSD on the i386 or amd64
>> platforms can be updated via the freebsd-update(8) utility:
>> 
>> # freebsd-update fetch
>> # freebsd-update install
>> 
>> Restart all daemons, or reboot the system.
>> 
>> VI.  Correction details
>> 
>> The following list contains the revision numbers of each file that was
>> corrected in FreeBSD.
>> 
>> Branch/path                                                      Revision
>> - -------------------------------------------------------------------------
>> stable/7/                                                         r246357
>> releng/7.4/                                                       r246989
>> stable/8/                                                         r246357
>> releng/8.3/                                                       r246989
>> stable/9/                                                         r246357
>> releng/9.0/                                                       r246989
>> releng/9.1/                                                       r246989
>> - -------------------------------------------------------------------------
>> 
>> VII. References
>> 
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632
>> 
>> The latest revision of this advisory is available at
>> http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.12 (FreeBSD)
>> 
>> iEYEARECAAYFAlEjf80ACgkQFdaIBMps37JFUgCfUrw8Ky4U19COja6fna49Calv
>> z/YAn1JSGxzHCo8vLj4XhtXqrQt68or4
>> =mCPv
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> freebsd-security at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org
>> "
>> 
> 
> 
> 
> -- 
> ---------------------------------------------------------------------------------------------
> 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
> Philip M. Gollucci (pgollucci at p6m7g8.com) c: 703.336.9354
> Member,                           Apache Software Foundation
> Committer,                        FreeBSD Foundation
> Consultant,                       P6M7G8 Inc.
> Director Operations,      Ridecharge Inc.
> 
> Work like you don't need the money,
> love like you'll never get hurt,
> and dance like nobody's watching.
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"


More information about the freebsd-security mailing list