Date: Sun, 25 Jul 2010 22:10:42 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: ajtiM <lumiwa@gmail.com>
Cc: freebsd-security@freebsd.org
Subject: Re: portaudit
Message-ID: <4C4CA852.9070005@infracaninophile.co.uk>
In-Reply-To: <201007251306.30579.lumiwa@gmail.com>
References: <201007251306.30579.lumiwa@gmail.com>

On 25/07/2010 19:06:30, ajtiM wrote:
> Hi!
> portaudit -a shows:
>
> Affected package: mDNSResponder-214
> Type of problem: mDNSResponder -- corrupted stack crash when parsing bad resolv.conf.
> Reference: <http://portaudit.FreeBSD.org/1cd87e2a-81e3-11df-81d8-00262d5ed8ee.html>
>
> Affected package: opera-10.10.20091120_2
> Type of problem: opera -- Data URIs can be used to allow cross-site scripting.
> Reference: <http://portaudit.FreeBSD.org/77b9f9bc-7fdf-11df-8a8d-0008743bf21a.html>
>
> Affected package: linux-f10-pango-1.22.3_1
> Type of problem: pango -- integer overflow.
> Reference: <http://portaudit.FreeBSD.org/4b172278-3f46-11de-becb-001cc0377035.html>
>
> 3 problem(s) in your installed packages found.
>
> You are advised to update or deinstall the affected package(s) immediately.
>
> Do I need to deinstall those ports or is safe anyway?

No, it's not in any way "safe" to ignore what portaudit tells you.
However that does not mean that you necessarily have to delete the
referenced packages. What you need to do is read the referenced vuXML
data, look at the reports referenced therein and decide if:

  a) The vulnerability affects you, given your usage patterns. For
     instance, you might be running a server where all users also have
     root access, in which case, you don't need to worry about privilege
     escalation attacks from logged in users.

  b) The vulnerability affects you, but you can mitigate or prevent any
     attack. E.g. you can cause a vulnerable daemon to bind only to the
     loopback interface, or apply strict firewall rules to prevent
     attacks over the network.

  c) The software in question is mission critical, and removing it would
     have a worse effect on you than some possible exploit.

If the software fails all of the above, then yes, you should certainly
remove it. Otherwise, you need to keep an eye out for any updates or
fixes and apply them ASAP.

In the particular case of linux-f10-pango -- this is a long-standing
vulnerability with no real prospect of a software patch becoming
available. Unfortunately that port is a vital part of the linuxulator,
so a lot of people are keeping it installed under case (c).

mDNSResponder can be fixed by a very simple patch, and exploiting the bug
depends on being able to control the contents of /etc/resolv.conf, which
pretty much implies the attacker would already have root access to your
machine. Keep an eye out for when the update hits the ports and apply it
as soon as possible.

The opera bug is more severe. Your vulnerability to it depends on your
usage patterns with that browser. It looks like the opera devs are on
the case, but in the meantime it might be an idea to switch to using an
alternate browser temporarily.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
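
The triage described in the message, as an added example that is not part of the original e-mail or of portaudit itself: it parses `portaudit -a` report text (including a Reference URL folded across lines) into records and maps each package to an action. The names `parse_portaudit` and `worklist`, the case codes `a`/`b`/`c`/`none` and the action labels are assumptions of this example.

```python
import re

SAMPLE = """\
Affected package: mDNSResponder-214
Type of problem: mDNSResponder -- corrupted stack crash when parsing bad resolv.conf.
Reference: <http://portaudit.FreeBSD.org/1cd87e2a-81e3-11df-81d8-00262d5ed8ee.html>

Affected package: opera-10.10.20091120_2
Type of problem: opera -- Data URIs can be used to allow cross-site scripting.
Reference: <http://portaudit.FreeBSD.org/77b9f9bc-7fdf-11df-8a8d-0008743bf21a.html>

Affected package: linux-f10-pango-1.22.3_1
Type of problem: pango -- integer overflow.
Reference: <http://portaudit.FreeBSD.org/4b172278-3f46-11de-
becb-001cc0377035.html>

3 problem(s) in your installed packages found.
"""  # constructed sample: the report quoted in the message, one URL folded

FIELD = re.compile(r"^(Affected package|Type of problem|Reference):\s*(.*)$")
KEYS = {"Affected package": "package", "Type of problem": "problem", "Reference": "reference"}
ACTIONS = {"a": "keep-and-watch", "b": "keep-and-watch", "c": "keep-and-watch", "none": "remove"}

def parse_portaudit(text):
    """Parse report text into dicts; raise if the stated problem count disagrees."""
    findings, last, declared = [], None, None
    for line in map(str.strip, text.splitlines()):
        if count := re.match(r"(\d+) problem\(s\)", line):
            declared = int(count.group(1))
        elif field := FIELD.match(line):
            last = KEYS[field.group(1)]
            if last == "package" or not findings:
                findings.append({"package": "", "problem": "", "reference": ""})
            findings[-1][last] = field.group(2)
        elif line and last:  # folded continuation of the previous field
            sep = "" if last == "reference" else " "
            findings[-1][last] = (findings[-1][last] + sep + line).strip()
        else:
            last = None  # blank line or trailer text ends the current field
    for f in findings:
        f["reference"] = f["reference"].strip("<>")
        f["name"] = f["package"].rsplit("-", 1)[0]  # name-version; version has no '-'
    if declared is not None and declared != len(findings):
        raise ValueError(f"report says {declared} problems, parsed {len(findings)}")
    return findings

def worklist(findings, cases):
    """Action per package from the recorded case; unrecorded packages need review."""
    return {f["name"]: ACTIONS.get(cases.get(f["name"]), "review") for f in findings}
```

The `cases` argument is the operator's own record of which of (a) to (c) applies after reading the vuXML entry; a package with no entry comes back as `review` rather than being silently kept.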