Date: Wed, 06 Dec 2006 12:40:04 -0500 From: Tom McLaughlin <tmclaugh@sdf.lonestar.org> To: FreeBSD Gnome <gnome@freebsd.org> Subject: For HAL users: [Fwd: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem] Message-ID: <1165426804.2231.4.camel@localhost>
next in thread | raw e-mail | index | archive | help
This affects anyone with HAL setup properly according to our port's defaults and uses firewire. I like changing the default group to wheel since most Gnome users on Free will probably already be a part of wheel. I'll stop beating the dead horse now. ;) tom -------- Forwarded Message -------- > From: FreeBSD Security Advisories <security-advisories@freebsd.org> > Reply-To: security-advisories@freebsd.org > To: FreeBSD Security Advisories <security-advisories@freebsd.org> > Subject: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem > Date: Wed, 6 Dec 2006 09:33:14 GMT > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================= > FreeBSD-SA-06:25.kmem Security Advisory > The FreeBSD Project > > Topic: Kernel memory disclosure in firewire(4) > > Category: core > Module: sys_dev > Announced: 2006-12-06 > Credits: Rodrigo Rubira Branco > Affects: All FreeBSD releases. > Corrected: 2006-12-06 09:13:51 UTC (RELENG_6, 6.2-STABLE) > 2006-12-06 09:14:23 UTC (RELENG_6_2, 6.2-RC2) > 2006-12-06 09:14:59 UTC (RELENG_6_1, 6.1-RELEASE-p11) > 2006-12-06 09:15:40 UTC (RELENG_6_0, 6.0-RELEASE-p16) > 2006-12-06 09:16:17 UTC (RELENG_5, 5.5-STABLE) > 2006-12-06 09:16:41 UTC (RELENG_5_5, 5.5-RELEASE-p9) > 2006-12-06 09:17:09 UTC (RELENG_4, 4.11-STABLE) > 2006-12-06 09:18:02 UTC (RELENG_4_11, 4.11-RELEASE-p26) > CVE Name: CVE-2006-6013 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:http://security.FreeBSD.org/>. > > I. Background > > The firewire(4) driver provides support for IEEE 1394 ("FireWire") > interfaces. This driver provides some of its functionality via the > ioctl(2) system call. > > II. Problem Description > > In the FW_GCROM ioctl, a signed integer comparison is used instead of > an unsigned integer comparison when computing the length of a buffer > to be copied from the kernel into the calling application. > > III. Impact > > A user in the "operator" group can read the contents of kernel memory. > Such memory might contain sensitive information, such as portions of > the file cache or terminal buffers. This information might be directly > useful, or it might be leveraged to obtain elevated privileges in some > way; for example, a terminal buffer might include a user-entered > password. > > IV. Workaround > > No workaround is available, but systems without IEEE 1394 ("FireWire") > interfaces are not vulnerable. (Note that systems with IEEE 1394 > interfaces are affected regardless of whether any devices are attached.) > > Note also that FreeBSD does not have any non-root users in the "operator" > group by default; systems on which no users have been added to this group > are therefore also not vulnerable. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, > or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, or RELENG_4_11 security > branch dated after the correction date. > > 2) To patch your present system: > > The following patches have been verified to apply to FreeBSD 4.11, 5.5, > 6.0, and 6.1 systems. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-06:25/kmem.patch > # fetch http://security.FreeBSD.org/patches/SA-06:25/kmem.patch.asc > > b) Apply the patch. > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile your kernel as described in > <URL:http://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the > system. > > VI. Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > Branch Revision > Path > - ------------------------------------------------------------------------- > RELENG_4 > src/sys/dev/firewire/fwdev.c 1.2.4.17 > RELENG_4_11 > src/UPDATING 1.73.2.91.2.27 > src/sys/conf/newvers.sh 1.44.2.39.2.30 > src/sys/dev/firewire/fwdev.c 1.2.4.16.4.1 > RELENG_5 > src/sys/dev/firewire/fwdev.c 1.44.2.2 > RELENG_5_5 > src/UPDATING 1.342.2.35.2.9 > src/sys/conf/newvers.sh 1.62.2.21.2.11 > src/sys/dev/firewire/fwdev.c 1.44.2.1.4.1 > RELENG_6 > src/sys/dev/firewire/fwdev.c 1.46.2.2 > RELENG_6_2 > src/UPDATING 1.416.2.29.2.1 > src/sys/dev/firewire/fwdev.c 1.46.2.1.6.1 > RELENG_6_1 > src/UPDATING 1.416.2.22.2.13 > src/sys/conf/newvers.sh 1.69.2.11.2.13 > src/sys/dev/firewire/fwdev.c 1.46.2.1.4.1 > RELENG_6_0 > src/UPDATING 1.416.2.3.2.21 > src/sys/conf/newvers.sh 1.69.2.8.2.17 > src/sys/dev/firewire/fwdev.c 1.46.2.1.2.1 > - ------------------------------------------------------------------------- > > VII. References > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6013 > > The latest revision of this advisory is available at > http://security.FreeBSD.org/advisories/FreeBSD-SA-06:25.kmem.asc > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (FreeBSD) > > iD8DBQFFdo1QFdaIBMps37IRAj4vAJ4vzhNk4MBkhAxsmeIAA0UgnXXOwACfY+Oe > WhWIJLjTgqq+T3ZpySyRCNo= > =FbZj > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-security-notifications@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications > To unsubscribe, send any mail to "freebsd-security-notifications-unsubscribe@freebsd.org" -- | tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org | | FreeBSD http://www.FreeBSD.org | | BSD# http://www.mono-project.com/Mono:FreeBSD |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1165426804.2231.4.camel>