Date: Mon, 29 Apr 2013 21:56:02 +0000 (UTC)
From: Dag-Erling Smørgrav <des@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r41521 - head/share/security/advisories
Message-ID: <201304292156.r3TLu2P1007969@svn.freebsd.org>
Author: des Date: Mon Apr 29 21:56:02 2013 New Revision: 41521 URL: http://svnweb.freebsd.org/changeset/doc/41521 Log: Revised advisory. Modified: head/share/security/advisories/FreeBSD-SA-13:05.nfsserver.asc Modified: head/share/security/advisories/FreeBSD-SA-13:05.nfsserver.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-13:05.nfsserver.asc Mon Apr 29 21:24:50 2013 (r41520) +++ head/share/security/advisories/FreeBSD-SA-13:05.nfsserver.asc Mon Apr 29 21:56:02 2013 (r41521) @@ -10,20 +10,27 @@ Topic: Insufficient input valid Category: core Module: nfsserver Announced: 2013-04-29 +Revised: 2013-04-29 Credits: Adam Nowacki Affects: All supported versions of FreeBSD. -Corrected: 2013-04-29 20:15:43 UTC (stable/8, 8.4-PRERELEASE) - 2013-04-29 20:15:47 UTC (releng/8.3, 8.3-RELEASE-p8) - 2013-04-29 20:16:25 UTC (releng/8.4, 8.4-RC1-p1) - 2013-04-29 20:16:25 UTC (releng/8.4, 8.4-RC2-p1) - 2013-04-29 20:15:55 UTC (stable/9, 9.1-STABLE) - 2013-04-29 20:16:00 UTC (releng/9.1, 9.1-RELEASE-p3) +Corrected: 2013-04-29 21:10:49 UTC (stable/8, 8.4-PRERELEASE) + 2013-04-29 21:10:53 UTC (releng/8.3, 8.3-RELEASE-p8) + 2013-04-29 21:11:31 UTC (releng/8.4, 8.4-RC1-p1) + 2013-04-29 21:11:31 UTC (releng/8.4, 8.4-RC2-p1) + 2013-04-29 21:11:01 UTC (stable/9, 9.1-STABLE) + 2013-04-29 21:11:05 UTC (releng/9.1, 9.1-RELEASE-p3) CVE Name: CVE-2013-3266 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. +0. Revision History + +v1.0 2013-04-29 Initial release. +v1.1 2013-04-29 Corrected patch URL. + Additional workaround information. + I. Background The Network File System (NFS) allows a host to export some or all of its 
@@ -75,6 +82,23 @@ following command: This will print 1 if the system is running the new NFS implementation, and 0 otherwise. +To switch to the old NFS implementation: + +1) Append the following lines to /etc/rc.conf: + + nfsv4_server_enable="no" + oldnfs_server_enable="yes" + +2) If the NFS server is compiled into the kernel (which is the case + for the stock GENERIC kernel), replace the NFSD option with the + NFSSERVER option, then recompile your kernel as described in + <URL:http://www.FreeBSD.org/handbook/kernelconfig.html>. + + If the NFS server is not compiled into the kernel, the correct + module will be loaded at boot time. + +3) Finally, reboot the system. + V. Solution Perform one of the following: @@ -90,8 +114,8 @@ FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. -# fetch http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch -# fetch http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch.asc +# fetch http://security.FreeBSD.org/patches/SA-13:05/nfsserver.patch +# fetch http://security.FreeBSD.org/patches/SA-13:05/nfsserver.patch.asc # gpg --verify nfsserver.patch.asc b) Apply the patch. @@ -118,11 +142,11 @@ corrected in FreeBSD. Branch/path Revision - ------------------------------------------------------------------------- -stable/8/ r250058 -releng/8.3/ r250059 -releng/8.4/ r250062 -stable/9/ r250060 -releng/9.1/ r250061 +stable/8/ r250068 +releng/8.3/ r250069 +releng/8.4/ r250073 +stable/9/ r250070 +releng/9.1/ r250071 - ------------------------------------------------------------------------- VII. References 
@@ -133,7 +157,7 @@ The latest revision of this advisory is http://security.FreeBSD.org/advisories/FreeBSD-SA-13:05.nfsserver.asc -----BEGIN PGP SIGNATURE----- -iEYEARECAAYFAlF+18oACgkQFdaIBMps37J1PACgm+zcbGd6xF1hkpvFVJbbwR0Q -9PoAnivbP1R0qXFyTlF/t3+sUYcxBtfQ -=polM +iEYEARECAAYFAlF+7BUACgkQFdaIBMps37I3LACeIFS/wiaA6eDn9F8ByZ6V8CH4 +GT4AoIrhX24l+LHxpvtHoaDmKOoBpva5 +=bbRm -----END PGP SIGNATURE-----
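Review bot: The v1.1 entry in the new "0. Revision History" section (first hunk) lists only "Corrected patch URL" and "Additional workaround information", yet the same hunk moves every Corrected: timestamp from 20:15-20:16 UTC to 21:10-21:11 UTC. Add a line to the v1.1 entry stating that the correction times changed and why, so a reader who recorded the v1.0 values can tell whether a tree updated in between carries the fix. The same applies to the revision table in the fourth hunk, which changes from r250058-r250062 to r250068-r250073 without comment.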
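Review bot: The workaround added in the second hunk ends at "3) Finally, reboot the system." with no check that the switch took effect. Add a step 4 that reruns the command referenced in the context line just above the new text and expects it to print 0, since that line says 1 means the new NFS implementation is running. Step 2 would also be easier to follow if it showed the exact kernel configuration lines to change rather than only naming the NFSD and NFSSERVER options.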
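Review bot: In the third hunk, with the path corrected from SA-03:15 to SA-13:05, both fetch lines still use plain http, which leaves "gpg --verify nfsserver.patch.asc" as the only integrity check in step a). The step should say explicitly not to continue to step b) unless gpg reports a good signature from a key the reader already trusts, instead of leaving the outcome of the verify command implicit.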