FreeBSD Security Advisory FreeBSD-SA-13:02.libc
Jason Hellenthal
jhellenthal at DataIX.net
Tue Feb 19 18:54:21 UTC 2013
No running daemons with listening ports effected that could trigger it?
--
Jason Hellenthal
JJH48-ARIN
- (2^(N-1))
On Feb 19, 2013, at 10:48, "Philip M. Gollucci" <pgollucci at p6m7g8.com> wrote:
> This is an internal only vuln with local user account. I see no need to
> rush this one. We'll pick it up at a later date.
>
>
> On Tue, Feb 19, 2013 at 9:04 AM, FreeBSD Security Advisories <
> security-advisories at freebsd.org> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> =============================================================================
>> FreeBSD-SA-13:02.libc Security
>> Advisory
>> The FreeBSD
>> Project
>>
>> Topic: glob(3) related resource exhaustion
>>
>> Category: core
>> Module: libc
>> Announced: 2013-02-19
>> Affects: All supported versions of FreeBSD.
>> Corrected: 2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE)
>> 2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12)
>> 2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE)
>> 2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6)
>> 2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE)
>> 2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6)
>> 2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1)
>> CVE Name: CVE-2010-2632
>>
>> For general information regarding FreeBSD Security Advisories,
>> including descriptions of the fields above, security branches, and the
>> following sections, please visit <URL:http://security.FreeBSD.org/>.
>>
>> I. Background
>>
>> The glob(3) function is a pathname generator that implements the rules for
>> file name pattern matching used by the shell.
>>
>> II. Problem Description
>>
>> GLOB_LIMIT is supposed to limit the number of paths to prevent against
>> memory or CPU attacks. The implementation however is insufficient.
>>
>> III. Impact
>>
>> An attacker that is able to exploit this vulnerability could cause
>> excessive
>> memory or CPU usage, resulting in a Denial of Service. A common target for
>> a remote attacker could be ftpd(8).
>>
>> IV. Workaround
>>
>> No workaround is available.
>>
>> V. Solution
>>
>> Perform one of the following:
>>
>> 1) Upgrade your vulnerable system to a supported FreeBSD stable or
>> release / security branch (releng) dated after the correction date.
>>
>> 2) To update your vulnerable system via a source code patch:
>>
>> The following patches have been verified to apply to the applicable
>> FreeBSD release branches.
>>
>> a) Download the relevant patch from the location below, and verify the
>> detached PGP signature using your PGP utility.
>>
>> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch
>> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc
>> # gpg --verify libc.patch.asc
>>
>> b) Execute the following commands as root:
>>
>> # cd /usr/src
>> # patch < /path/to/patch
>>
>> Recompile the operating system using buildworld and installworld as
>> described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
>>
>> Restart all daemons, or reboot the system.
>>
>> 3) To update your vulnerable system via a binary patch:
>>
>> Systems running a RELEASE version of FreeBSD on the i386 or amd64
>> platforms can be updated via the freebsd-update(8) utility:
>>
>> # freebsd-update fetch
>> # freebsd-update install
>>
>> Restart all daemons, or reboot the system.
>>
>> VI. Correction details
>>
>> The following list contains the revision numbers of each file that was
>> corrected in FreeBSD.
>>
>> Branch/path Revision
>> - -------------------------------------------------------------------------
>> stable/7/ r246357
>> releng/7.4/ r246989
>> stable/8/ r246357
>> releng/8.3/ r246989
>> stable/9/ r246357
>> releng/9.0/ r246989
>> releng/9.1/ r246989
>> - -------------------------------------------------------------------------
>>
>> VII. References
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632
>>
>> The latest revision of this advisory is available at
>> http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.12 (FreeBSD)
>>
>> iEYEARECAAYFAlEjf80ACgkQFdaIBMps37JFUgCfUrw8Ky4U19COja6fna49Calv
>> z/YAn1JSGxzHCo8vLj4XhtXqrQt68or4
>> =mCPv
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> freebsd-security at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org
>> "
>>
>
>
>
> --
> ---------------------------------------------------------------------------------------------
> 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C
> Philip M. Gollucci (pgollucci at p6m7g8.com) c: 703.336.9354
> Member, Apache Software Foundation
> Committer, FreeBSD Foundation
> Consultant, P6M7G8 Inc.
> Director Operations, Ridecharge Inc.
>
> Work like you don't need the money,
> love like you'll never get hurt,
> and dance like nobody's watching.
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list