From owner-freebsd-announce Thu Aug 16 21:24:40 2001
Date: Fri, 17 Aug 2001 00:21:03 -0400 (EDT)
From: Chris Coleman
To: announce@freebsd.org
Subject: Book for users new to FreeBSD

Annelise Anderson has written a book about FreeBSD aimed at users who
are new to FreeBSD.

"This book is a friendly, task-oriented introduction to FreeBSD, a
free, open-source, industrial strength operating system that runs on a
personal computer (the same computer that runs Microsoft Windows) for
users new to both FreeBSD and UNIX."

More Information can be found at:

http://daily.daemonnews.org/view_story.php3?story_id=2309
http://mall.daemonnews.org/?page=shop/flypage&product_id=1062

Chris Coleman
Editor in Chief
Daemon News E-Zine     http://www.daemonnews.org
Print Magazine         http://magazine.daemonnews.org
Open Packages          http://www.openpackages.org
BSD Mall               http://www.bsdmall.com

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities,
important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-announce" in the body of the message

From owner-freebsd-announce Thu Aug 16 23:31: 7 2001
Date: Thu, 16 Aug 2001 23:30:57 -0700 (PDT)
Message-Id: <200108170630.f7H6Uvb68765@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-01:40.fts [REVISED]
Reply-To: security-advisories@FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-01:40                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          fts(3) routines contain race condition [REVISED]

Category:       core
Module:         libc
Announced:      2001-06-04
Revised:        2001-08-16
Credits:        Nick Cleaton
                Todd Miller helped to develop the patch.
Affects:        FreeBSD 4.3-RELEASE, 4.3-STABLE prior to the
                correction date.
Corrected:      2001-06-01
FreeBSD only:   NO

0.   Revision History

2001-06-04  v1.0  Initial release
2001-08-16  v1.1  Corrected typo in recompilation instructions

I.   Background

The standard C library (libc) contains a set of routines known as fts
which allow an application to recursively traverse a filesystem.

II.  Problem Description

The fts routines are vulnerable to a race condition when ascending a
file hierarchy, which allows an attacker who has control over part of
the hierarchy into which fts is descending to cause the application to
ascend beyond the starting point of the file traversal, and enter
other parts of the filesystem.  If the fts routines are being used by
an application to perform operations on the filesystem hierarchy, such
as find(1) with a keyword such as -exec or -delete, or rm(1) with the
-r flag, these operations can be incorrectly applied to files outside
the intended hierarchy, which may result in system damage or
compromise.

All versions of FreeBSD prior to the correction date including
4.3-RELEASE are vulnerable to this problem.

III. Impact

Local users may be able to remove or modify files on the local system
which are owned or writable by a user running a command that uses the
FTS routines in a vulnerable way.

If the system administrator has enabled the daily_clean_tmps_enable
variable in /etc/periodic.conf, the find -delete command is run once
per day, allowing unauthorised removal of files on the system.  This
option is not enabled by default.

IV.  Workaround

None appropriate for the general vulnerability.  The instance exposed
by the daily_clean_tmps_enable setting can be prevented by disabling
this switch in /etc/periodic.conf, if it has been enabled.

V.   Solution

One of the following:

1) As of FreeBSD 4.3-RELEASE, we have introduced a new ``security fix
CVS branch'' which contains security fixes only, which can be tracked
using the standard FreeBSD tools (cvsup/CVS/etc).  The branch name is
``RELENG_4_3''.  Upgrade your vulnerable FreeBSD system to the
RELENG_4_3 branch after the correction date.

2) Upgrade your vulnerable FreeBSD system to 4.3-STABLE after the
correction dates.

3) To patch your present system: download the relevant patch from the
below location, and execute the following commands as root:

[FreeBSD 4.3 base system]

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:40/fts.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:40/fts.patch.asc

Verify the detached PGP signature using your PGP utility.

# cd /usr/src/lib/libc
# patch -p < /path/to/patch
# make depend && make all install
# cd /usr/src/lib/libc_r
# make depend && make all install
# cd /usr/src/bin/chmod
# make depend && make all install
# cd /usr/src/bin/cp
# make depend && make all install
# cd /usr/src/bin/ls
# make depend && make all install
# cd /usr/src/bin/pax
# make depend && make all install
# cd /usr/src/bin/rm
# make depend && make all install
# cd /usr/src/usr.bin/chflags
# make depend && make all install
# cd /usr/src/usr.bin/du
# make depend && make all install
# cd /usr/src/usr.bin/find
# make depend && make all install
# cd /usr/src/libexec/ftpd
# make depend && make all install
# cd /usr/src/usr.sbin/chown
# make depend && make all install
# cd /usr/src/usr.sbin/ckdist
# make depend && make all install
# cd /usr/src/usr.sbin/ctm
# make depend && make all install
# cd /usr/src/usr.sbin/mtree
# make depend && make all install
# cd /usr/src/usr.sbin/pkg_install
# make depend && make all install

This patch has been verified to apply to FreeBSD 4.3-RELEASE and
4.2-RELEASE; it may or may not apply to older, unsupported versions of
FreeBSD.

4) An experimental upgrade package is available for adventurous users
who wish to provide testing and feedback on the binary upgrade
process.  This package may be installed on FreeBSD 4.3-RELEASE systems
only, and is intended for use on systems for which source patching is
not practical or convenient.
Since this is the first binary upgrade package produced for the
FreeBSD base system, it is not recommended that this be used on
production systems without first being tested on a scratch machine;
since the package replaces critical system files, a failed upgrade can
leave a system in an unusable state.

During the installation procedure, backup copies are made of the files
which are replaced by the package.  These backup copies will be
reinstalled if the package is removed, reverting the system to a
pre-patch state.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:40/security-patch-fts-01.40.tgz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:40/security-patch-fts-01.40.tgz.asc

Verify the detached PGP signature using your PGP utility.

Bring the system down to single-user mode; this package should not be
installed from multi-user mode.  If it is desired to remove the package
at a later date, you should again do so from single-user mode.

# shutdown now
# pkg_add security-patch-fts-01.40

Follow the directions given after the installation of the package to
complete the system upgrade.

To bring the system back up to multi-user mode, type the following
command:

# exit

From owner-freebsd-announce Fri Aug 17 14:39:22 2001
Date: Fri, 17 Aug 2001 14:38:17 -0700 (PDT)
Message-Id: <200108172138.f7HLcHS33278@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-01:53.ipfw
Reply-To: security-advisories@FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-01:53                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          ipfw `me' on P2P interfaces matches remote address

Category:       core
Module:         ipfw
Announced:      2001-08-17
Credits:        Igor M Podlesny
Affects:        FreeBSD 4-STABLE after February 20, 2001 and prior to the
                correction date
                FreeBSD 4.3-RELEASE
Corrected:      2001-07-17 10:50:01 UTC (FreeBSD 4.3-STABLE)
                2001-07-18 06:56:23 UTC (RELENG_4_3)
FreeBSD only:   YES

I.   Background

ipfw is a system facility which allows IP packet filtering,
redirecting, and traffic accounting.  ipfw `me' rules are filter rules
that specify a source or destination address of `me', intended to
match any IP address configured on a local interface.

II.  Problem Description

A flaw in the implementation of the ipfw `me' rules when used in
conjunction with point-to-point interfaces results in filter rules
which match the remote IP address of the point-to-point interface in
addition to the intended local IP address.

III. Impact

IP datagrams with a source or destination IP address of a remote
point-to-point link may be handled in a way unintended by the system
administrator.

For example, given an interface such as

tun0: flags=8051 mtu 1500
        inet 1.1.1.1 --> 2.2.2.2 netmask 0xff000000

and this ipfw rule:

00010 allow ip from me to any

packets with a source address of 2.2.2.2 would be allowed to pass when
the administrator may have reasonably expected it not to match this
rule.

IV.  Workaround

Do not use ipfw `me' rules.  Rewrite any existing `me' rules to use
explicit IP addresses.

V.   Solution

One of the following:

1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the
RELENG_4_3 security branch after the respective correction dates.

2) FreeBSD 4.x systems prior to the correction date:

The following patches have been verified to apply to FreeBSD
4.3-RELEASE and 4-STABLE dated prior to the correction date.

Download the patch and the detached PGP signature from the following
locations, and verify the signature using your PGP utility.

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:53/ipfw.patch
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:53/ipfw.patch.asc

# cd /usr/src
# patch -p < /path/to/patch
# install -c -m 0444 -o root -g wheel /usr/src/sys/netinet/in_var.h /usr/include/netinet/
# cd /usr/src/sbin/ipfw
# make depend && make all install

The following steps will be different depending upon whether your
system has ipfw compiled into the kernel or is using the ipfw KLD.
If the output of `kldstat' includes `ipfw.ko', then you are using the
KLD and should follow the directions listed in (2a) below.
Otherwise, if your kernel configuration file contains the line
`options IPFIREWALL', you should follow the directions listed in (2b)
below.

2a) Execute the following commands as root:

# cd /usr/src/sys/modules/ipfw
# make depend && make all install

2b) Rebuild and reinstall your kernel as described in
http://www.freebsd.org/handbook/kernelconfig.html

In either case 2a) or 2b), you must reboot your system to load the new
module or kernel.

3) FreeBSD 4.3-RELEASE systems:

An experimental upgrade package is available for users who wish to
provide testing and feedback on the binary upgrade process.  This
package may be installed on FreeBSD 4.3-RELEASE systems only, and is
intended for use on systems for which source patching is not practical
or convenient.

If you use the upgrade package, feedback (positive or negative) to
security-officer@FreeBSD.org is requested so we can improve the
process for future advisories.

During the installation procedure, backup copies are made of the files
which are replaced by the package.  These backup copies will be
reinstalled if the package is removed, reverting the system to a
pre-patched state.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:53/security-patch-ipfw-01.53.tgz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:53/security-patch-ipfw-01.53.tgz.asc

Verify the detached PGP signature using your PGP utility.

# pkg_add security-patch-ipfw-01.53.tgz

Restart your system after applying the patch.

VI.  Correction details

The following list contains the $FreeBSD$ revision numbers of each
file that was corrected, for the supported branches of FreeBSD.  The
$FreeBSD$ revision of installed sources can be examined using the
ident(1) command.

[FreeBSD 4.3-STABLE]

  Revision       Path
  1.33.4.1       src/sys/netinet/in_var.h

[RELENG_4_3]

  Revision       Path
  1.33.2.2       src/sys/netinet/in_var.h

VII. References
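
Added example for FreeBSD-SA-01:53, sections III and IV (not part of the
advisory or of FreeBSD): a shell audit that lists every ipfw rule using `me'
together with the point-to-point peer addresses such a rule also matches on
an unpatched system, i.e. the rules the workaround says to rewrite with
explicit addresses. The sample ifconfig and rule text is constructed from the
advisory's tun0 example, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): list ipfw rules that use the me
# keyword next to the point-to-point peers they also match when unpatched.

# Constructed samples; on a real host pass "$(ifconfig -a)" and "$(ipfw list)".
SAMPLE_IFCONFIG='tun0: flags=8051 mtu 1500
        inet 1.1.1.1 --> 2.2.2.2 netmask 0xff000000
fxp0: flags=8843 mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255'

SAMPLE_RULES='00010 allow ip from me to any
00020 deny tcp from any to 192.0.2.10 25
00030 allow udp from any to me 53
65535 deny ip from any to any'

# Print "iface local remote" for every inet address written "A --> B".
p2p_peers() {
    printf '%s\n' "$1" | awk '
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface) }
        $1 == "inet" && $3 == "-->" { print iface, $2, $4 }'
}

# Print the number of every rule whose source or destination is me,
# including the negated form "not me".
me_rules() {
    printf '%s\n' "$1" | awk '{
        for (i = 2; i < NF; i++) {
            if ($i != "from" && $i != "to") continue
            j = ($(i + 1) == "not") ? i + 2 : i + 1
            if ($j == "me") { print $1; break }
        }
    }'
}

# One finding per (rule, peer) pair; empty output means nothing to rewrite.
audit_me_rules() {
    peers=$(p2p_peers "$1")
    [ -n "$peers" ] || return 0
    for rule in $(me_rules "$2"); do
        printf '%s\n' "$peers" | while read -r iface laddr raddr; do
            echo "rule $rule: me also matches $raddr (peer of $iface, local $laddr)"
        done
    done
}

audit_me_rules "$SAMPLE_IFCONFIG" "$SAMPLE_RULES"
```

On a patched system the same findings mark rules where `me' no longer covers the peer address, so any rule that relied on the old behaviour needs an explicit address as well.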