Date: Thu, 27 Jun 2002 12:04:25 -0700
From: Amit Chakradeo
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv
Message-ID: <20020627120425.C91402@ac.wox.org>
In-Reply-To: <200206261908.g5QJ8MOE035394@freefall.freebsd.org>

Is it just me, or is somebody else getting pgp key errors on freebsd
advisories?

Here is what I get when I try to get the key from keyserver:

gpg: requesting key 73D288A5 from HKP keyserver wwwkeys.us.pgp.net
gpg: key 73D288A5: invalid self-signature on user id "FreeBSD Security Officer <security-officer@freebsd.org>"
gpg: key 73D288A5: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:           w/o user IDs: 1

Here is what I get when I try to verify message after importing the key:

gpg: Signature made Wed Jun 26 12:04:25 2002 PDT using RSA key ID 73D288A5
gpg: Can't check signature: public key not found

What gives? Shouldn't we be looking at these things?

Thanks
Amit

P.S. I can verify other advisories fine (NetBSD etc.) so there mustn't
be a client/gpg setup problem...

On Wed, Jun 26, 2002 at 12:08:22PM -0700, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> =============================================================================
> FreeBSD-SA-02:28.resolv                                     Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          buffer overflow in resolver
>
> Category:       core
> Module:         libc
> Announced:      2002-06-26
> Credits:        Joost Pol
> Affects:        All releases prior to and including 4.6-RELEASE
> Corrected:      2002-06-26 06:34:18 UTC (RELENG_4)
>                 2002-06-26 08:44:24 UTC (RELENG_4_6)
>                 2002-06-26 18:53:20 UTC (RELENG_4_5)
> FreeBSD only:   NO
>
> I.   Background
>
> The resolver implements functions for making, sending and interpreting
> query and reply messages with Internet domain name servers.
> Hostnames, IP addresses, and other information are queried using the
> resolver.
>
> II.  Problem Description
>
> DNS messages have specific byte alignment requirements, resulting in
> padding in messages.  In a few instances in the resolver code, this
> padding is not taken into account when computing available buffer
> space.  As a result, the parsing of a DNS message may result in a
> buffer overrun of up to a few bytes for each record included in the
> message.
>
> III. Impact
>
> An attacker (either a malicious domain name server or an agent that
> can spoof DNS messages) may produce a specially crafted DNS message
> that will exploit this bug when parsed by an application using the
> resolver.  It may be possible for such an exploit to result in the
> execution of arbitrary code with the privileges of the resolver-using
> application.  Though no exploits are known to exist today, since
> practically all Internet applications utilize the resolver, the
> severity of this issue is high.
>
> IV.  Workaround
>
> There is currently no workaround.
>
> V.   Solution
>
> Do one of the following:
>
> 1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6
> or RELENG_4_5 security branch dated after the correction date
> (4.6-RELEASE-p1 or 4.5-RELEASE-p7).
>
> 2) To patch your present system:
>
> The following patch has been verified to apply to FreeBSD 4.5 and
> FreeBSD 4.6 systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile the operating systems as described in
> .
>
> Note that any statically linked applications that are not part of
> the base system (i.e. from the Ports Collection or other 3rd-party
> sources) must be recompiled.
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Path                                                             Revision
>   Branch
> - -------------------------------------------------------------------------
> src/lib/libc/net/gethostbydns.c
>   RELENG_4                                                         1.27.2.2
>   RELENG_4_6                                                      1.27.10.1
>   RELENG_4_5                                                       1.27.8.1
> src/lib/libc/net/getnetbydns.c
>   RELENG_4                                                         1.13.2.2
>   RELENG_4_6                                                   1.13.2.1.8.1
>   RELENG_4_5                                                   1.13.2.1.6.1
> src/lib/libc/net/name6.c
>   RELENG_4                                                          1.6.2.6
>   RELENG_4_6                                                    1.6.2.5.8.1
>   RELENG_4_5                                                    1.6.2.5.6.1
> src/sys/conf/newvers.sh
>   RELENG_4_6                                                  1.44.2.23.2.2
>   RELENG_4_5                                                  1.44.2.20.2.8
> - -------------------------------------------------------------------------
>
> VII. References
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (FreeBSD)
>
> iQCVAwUBPRoQOVUuHi5z0oilAQG3cAP/d7Gb2rdkSjZKCR0NI+QzMibgySVTXOtF
> sdoJrYka/XnIpFMVAyXl36bibtRKbwfCyv/rEX39YSas7tqReizwAABoaRF956Qb
> qlek1ONvvd+Tj6+WpEEueX/VdPqGQuqMk0BoguIbOgwAya6ZFYJ9ZKAHHSN9YqO8
> ZGTC8pmqfGI=
> =s76v
> -----END PGP SIGNATURE-----
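
Added example (not part of the original message, the advisory, or the FreeBSD patch): a simplified C model of the accounting error that section II of the quoted advisory describes, where the write position is aligned but the padding is never charged against the remaining space. The 4-byte alignment, the function names and the record lengths are assumptions made for illustration; no memory is written, the overrun is only measured.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ALIGN sizeof(uint32_t)   /* assumed alignment unit */

/* Padding needed to move offset `off` up to the next ALIGN boundary. */
static size_t pad_for(size_t off) { return (ALIGN - off % ALIGN) % ALIGN; }

/* Flawed accounting: `left` shrinks by the record length only, so the
 * padding skipped before each record is never counted. Returns the
 * offset the last accepted record would end at. */
size_t end_offset_flawed(size_t cap, const size_t *lens, size_t n)
{
    size_t off = 0, left = cap;
    for (size_t i = 0; i < n; i++) {
        off += pad_for(off);         /* position is aligned ...        */
        if (lens[i] > left)          /* ... but padding is not charged */
            break;
        off += lens[i];
        left -= lens[i];
    }
    return off;
}

/* Checked accounting: space is always derived from the real position,
 * so padding and payload are both tested against what is left. */
size_t end_offset_checked(size_t cap, const size_t *lens, size_t n)
{
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        size_t pad = pad_for(off);
        if (pad > cap - off || lens[i] > cap - off - pad)
            break;                   /* record does not fit: stop */
        off += pad + lens[i];
    }
    return off;
}

int main(void)
{
    const size_t lens[] = {5, 5, 5}; /* constructed record lengths */
    printf("flawed  end offset: %zu of 16\n", end_offset_flawed(16, lens, 3));
    printf("checked end offset: %zu of 16\n", end_offset_checked(16, lens, 3));
    return 0;
}
```

With a 16-byte buffer and three 5-byte records the flawed version accepts all three and ends past the buffer, by no more than the padding it skipped; the checked version rejects the third record.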