
FreeBSD Security Advisories: FreeBSD-SA-03:09.sign

Dan writes "The FreeBSD security team has released two new advisories. The first advisory, entitled "Insufficient range checking of signal numbers", could allow a malicious local user to use this vulnerability as a local denial-of-service attack. The second advisory, "Kernel memory disclosure via ibcs2", could allow a malicious user to call the iBCS2 version of statfs(2) with an arbitrarily large length parameter, causing the kernel to return a large portion of kernel memory containing sensitive information."
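The two bug classes in the submission, modelled in userspace as an added example (this is not code from the advisories or from the FreeBSD source; `NSIG_MODEL`, `kstatfs_model` and the `kmem` contents are constructed): a missing range check on a signal number, and a copy-out that trusts a caller-supplied length instead of clamping it to the record it is meant to return.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NSIG_MODEL 32 /* assumed signal-table size (hypothetical) */

/* Stand-in for the statfs record the compat syscall returns. */
struct kstatfs_model { uint32_t f_bsize, f_blocks, f_bfree; };

/* Model of kernel memory: the record, followed by data the caller must
 * never see (constructed sample, not real kernel contents). */
static struct {
    struct kstatfs_model sf;
    char secret[32];
} kmem = { {4096, 1000, 500}, "constructed-secret-material" };

/* Range check the advisory says was missing: reject signal numbers that
 * would index outside the per-process signal table. Returns 0 or EINVAL. */
int check_signum(int signum) {
    if (signum <= 0 || signum >= NSIG_MODEL)
        return EINVAL;
    return 0;
}

/* Weak form: copies whatever length the caller asked for. In the model the
 * read stays inside kmem; in a kernel it walks into adjacent memory. */
size_t statfs_copyout_unchecked(void *dst, size_t len) {
    memcpy(dst, &kmem, len);
    return len;
}

/* Hardened form: never copies more than the record itself. */
size_t statfs_copyout_clamped(void *dst, size_t len) {
    size_t n = len < sizeof(kmem.sf) ? len : sizeof(kmem.sf);
    memcpy(dst, &kmem.sf, n);
    return n;
}

/* Detection helper for the demo: 1 if the constructed secret reached dst. */
int leaked_secret(const unsigned char *buf, size_t n) {
    static const char needle[] = "constructed-secret";
    size_t m = sizeof(needle) - 1;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0)
            return 1;
    return 0;
}

/* Run each copy-out with an oversized length and report whether it leaked. */
int demo_unchecked_leaks(void) {
    unsigned char buf[64] = {0};
    statfs_copyout_unchecked(buf, sizeof(kmem)); /* len > record size */
    return leaked_secret(buf, sizeof buf);
}
int demo_clamped_leaks(void) {
    unsigned char buf[64] = {0};
    statfs_copyout_clamped(buf, sizeof(kmem));
    return leaked_secret(buf, sizeof buf);
}
```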
  • by DrSkwid ( 118965 ) on Monday August 11, 2003 @06:59AM (#6664343) Journal
    nah, who am I kidding

    the signal thing is more than a D.O.S. though

    However, in FreeBSD 5.x, the assertion code is not present if the
    `INVARIANTS' kernel option is not used. In FreeBSD 5.0-RELEASE and
    5.1-RELEASE, `INVARIANTS' is not enabled by default. In this
    configuration, a malicious local user could use this vulnerability
    to modify kernel memory, potentially leading to complete system
    compromise. (FreeBSD 4.x is not vulnerable in this way.)
  • by patch-rustem ( 641321 ) on Monday August 11, 2003 @07:33AM (#6664524) Homepage Journal
    ... to return a large portion of kernel memory containing sensitive information.

    What, like the sysadmin's porn collection.

  • by Anonymous Coward on Monday August 11, 2003 @08:03AM (#6664712)
    It's sort of interesting that this FreeBSD vulnerability is headlined with such a cryptic title. Now, if it were a vulnerability in Windows, it would probably have been titled 'New Windows Exploit crushes small furry animals mercilessly.'
    • It's not like someone could throw up an ActiveX-enabled webpage and root your box.

      The last few Windows vulnerabilities have been a huge deal. Microsoft wouldn't bother to fix a hole this small unless someone made a worm for it.
  • by Farley Mullet ( 604326 ) on Monday August 11, 2003 @08:25AM (#6664837)

    If someone malicious has access to your computer, bad things can happen. It's good to see that the FreeBSD team is tightening things up, but the bottom line is that if someone has an account on a system and they're determined, they'll find a way to do some damage.

    • by Anonymous Coward
      Given all the big changes they've been making to the kernel, I'm not surprised that they're encountering un-dotted i's and uncrossed t's. That's one of the reasons that OpenBSD is the BSD with the fewest new features apart from those related directly to improving security. Theo is fond of saying that new features create new security holes. I wouldn't be too hard on the folks at FreeBSD though. It is -current they're concentrating on, after all.
  • by dodell ( 83471 ) <dodell@nOsPaM.sitetronics.com> on Monday August 11, 2003 @09:50AM (#6665488) Homepage
    Subscribe to this list, and you had this story about 12 hours ago. You also downloaded and updated your src tree and fixed the bug in a matter of a few minutes. Why is it that a FreeBSD SA makes it to this site and Linux SAs don't?
    • by zenyu ( 248067 ) on Monday August 11, 2003 @10:23AM (#6665871)
      Subscribe to this list, and you had this story about 12 hours ago. You also downloaded and updated your src tree and fixed the bug in a matter of a few minutes. Why is it that a FreeBSD SA makes it to this site and Linux SAs don't?

      Prolly cuz the editor and poster were thinking of "only one remote security breach in the default configuration in seven years" OpenBSD. There are local user exploits found all the time in the Linux distros and in the BSDs, when remote vulnerabilities are found in any of them it usually does make it to /.

      But yeah, I usually read about and check my system based on security advisories before it ever makes it to slashdot.. prolly everyone else does as well which explains the 12 hour lag.
      • It's interesting to note that you need to have shell access to do anything to the FreeBSD systems affected.
        • As to why, it is obvious, and the fact that with MS you do not will eventually kill most Win servers! MS knows this and is the reason why they are implementing Palladium, or Fritz chip solutions. Make everything that runs on Windows servers have traceable and revocable security certificates. The mother of all shoot-yourself-in-the-foot security measures. The next few years are going to be very interesting for free software as a lot of important people, especially the big ISPs, start to get really pissed at Micr
    • by Anonymous Coward
      Why is it that a FreeBSD SA makes it to this site and Linux SAs don't?

      Because if they reported the Linux SAs, even the SCO stories would be lost in the tidal wave.
    • Why is it that a FreeBSD SA makes it to this site and Linux SAs don't?
      1. They're fighting to get one BSD story per day. This is today's story.
      2. Like any news -- it's the unusual that gets the attention. BSD SAs are unusual.
      3. we wanted to get a rise out of you -- we succeeded.
  • by mnmn ( 145599 ) on Monday August 11, 2003 @10:03AM (#6665625) Homepage
    I wouldn't worry about ibcs; always compile a kernel without it (and other binary compatibilities) for real usage. The statfs problem looks real and worrisome though. We've seen too many similar problems where a user grabs large memory and reads the sensitive data.

    I wonder if a C-reading script could read all the source code and mark all the big mallocs/reallocs that users get access to.
  • Binary patches...

    by cperciva ( 102828 ) on Monday August 11, 2003 @12:25PM (#6667171) Homepage
    Binary patches aren't available for these advisories yet, but they will be soon (ETA 12 hours?)

    See my sig for details.
  • by ratfynk ( 456467 ) on Monday August 11, 2003 @02:02PM (#6668090) Journal
    Hmmm, so let me get this straight: security flaw 2, send lots of requests to the Hotmail server and get lots of core info back. So that's why Hotmail works the way it does and all we get is spam!
