FreeBSD Security Advisory FreeBSD-SA-19:19.mldv2

Fernando Gont fgont at si6networks.com
Wed Aug 7 01:17:10 UTC 2019 

Folks,

Since FreeBSD ships with IPv6 support enabled by default, aren't all
systems affected, one way or another?

Thanks,
Fernando





> =============================================================================
> FreeBSD-SA-19:19.mldv2                                      Security Advisory
>                                                           The FreeBSD Project
> 
> Topic:          ICMPv6 / MLDv2 out-of-bounds memory access
> 
> Category:       core
> Module:         net
> Announced:      2019-08-06
> Credits:        CJD of Apple
> Affects:        All supported versions of FreeBSD.
> Corrected:      2019-08-06 17:13:41 UTC (stable/12, 12.0-STABLE)
>                 2019-08-06 17:11:17 UTC (releng/12.0, 12.0-RELEASE-p9)
>                 2019-08-06 17:15:46 UTC (stable/11, 11.3-STABLE)
>                 2019-08-06 17:11:17 UTC (releng/11.3, 11.3-RELEASE-p2)
>                 2019-08-06 17:11:17 UTC (releng/11.2, 11.2-RELEASE-p13)
> CVE Name:       CVE-2019-5608
> 
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:https://security.FreeBSD.org/>.
> 
> I.   Background
> 
> MLDv2 is the Multicast Listener Discovery protocol, version 2.  It is used
> by IPv6 routers to discover multicast listeners.
> 
> II.  Problem Description
> 
> The ICMPv6 input path incorrectly handles cases where an MLDv2 listener
> query packet is internally fragmented across multiple mbufs.
> 
> III. Impact
> 
> A remote attacker may be able to cause an out-of-bounds read or write that
> may cause the kernel to attempt to access an unmapped page and subsequently
> panic.
> 
> IV.  Workaround
> 
> No workaround is available.  Systems not using IPv6 are not affected.
> 
> V.   Solution
> 
> Perform one of the following:
> 
> Upgrade your vulnerable system to a supported FreeBSD stable or
> release / security branch (releng) dated after the correction date,
> and reboot.
> 
> 1) To update your vulnerable system via a binary patch:
> 
> Systems running a RELEASE version of FreeBSD on the i386 or amd64
> platforms can be updated via the freebsd-update(8) utility:
> 
> # freebsd-update fetch
> # freebsd-update install
> # shutdown -r +10min "Reboot for security update"
> 
> 2) To update your vulnerable system via a source code patch:
> 
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
> 
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
> 
> [FreeBSD 11.2, FreeBSD 11.3]
> # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch
> # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch.asc
> # gpg --verify mldv2.11.patch.asc
> 
> [FreeBSD 12.0]
> # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch
> # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch.asc
> # gpg --verify mldv2.12.patch.asc
> 
> b) Apply the patch.  Execute the following commands as root:
> 
> # cd /usr/src
> # patch < /path/to/patch
> 
> c) Recompile your kernel as described in
> <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
> system.
> 
> VI.  Correction details
> 
> The following list contains the correction revision numbers for each
> affected branch.
> 
> Branch/path                                                      Revision
> -------------------------------------------------------------------------
> stable/12/                                                        r350648
> releng/12.0/                                                      r350644
> stable/11/                                                        r350650
> releng/11.3/                                                      r350644
> releng/11.2/                                                      r350644
> -------------------------------------------------------------------------
> 
> To see which files were modified by a particular revision, run the
> following command, replacing NNNNNN with the revision number, on a
> machine with Subversion installed:
> 
> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
> 
> Or visit the following URL, replacing NNNNNN with the revision number:
> 
> <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
> 
> VII. References
> 
> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5608>
> 
> The latest revision of this advisory is available at
> <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc>
> _______________________________________________
> freebsd-security-notifications at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications
> To unsubscribe, send any mail to "freebsd-security-notifications-unsubscribe at freebsd.org"
> 

-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the freebsd-security mailing list