Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv

From: Chris (r-c-e@zorgco.com)
Date: 06/28/02


Date: Fri, 28 Jun 2002 12:35:44 +1000
From: "Chris" <r-c-e@zorgco.com>
To: security@freebsd.org


Sorry for the newbie question but here goes.

Anyone know if we can just recompile kernel after patch? (i.e make make install) or do we have to update src and make world?

Any help is greatly appreciated.

Chris
-------------------------------------------------------------------

On 26/06/2002 at 12:08 PM FreeBSD Security Advisories wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>=============================================================================
>FreeBSD-SA-02:28.resolv Security
>Advisory
> The FreeBSD
>Project
>
>Topic: buffer overflow in resolver
>
>Category: core
>Module: libc
>Announced: 2002-06-26
>Credits: Joost Pol <joost@pine.nl>
>Affects: All releases prior to and including 4.6-RELEASE
>Corrected: 2002-06-26 06:34:18 UTC (RELENG_4)
> 2002-06-26 08:44:24 UTC (RELENG_4_6)
> 2002-06-26 18:53:20 UTC (RELENG_4_5)
>FreeBSD only: NO
>
>I. Background
>
>The resolver implements functions for making, sending and interpreting
>query and reply messages with Internet domain name servers.
>Hostnames, IP addresses, and other information are queried using the
>resolver.
>
>II. Problem Description
>
>DNS messages have specific byte alignment requirements, resulting in
>padding in messages. In a few instances in the resolver code, this
>padding is not taken into account when computing available buffer
>space. As a result, the parsing of a DNS message may result in a
>buffer overrun of up to a few bytes for each record included in the
>message.
>
>III. Impact
>
>An attacker (either a malicious domain name server or an agent that
>can spoof DNS messages) may produce a specially crafted DNS message
>that will exploit this bug when parsed by an application using the
>resolver. It may be possible for such an exploit to result in the
>execution of arbitrary code with the privileges of the resolver-using
>application. Though no exploits are known to exist today, since
>practically all Internet applications utilize the resolver, the
>severity of this issue is high.
>
>IV. Workaround
>
>There is currently no workaround.
>
>V. Solution
>
>Do one of the following:
>
>1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6
>or RELENG_4_5 security branch dated after the correction date
>(4.6-RELEASE-p1 or 4.5-RELEASE-p7).
>
>2) To patch your present system:
>
>The following patch has been verified to apply to FreeBSD 4.5 and
>FreeBSD 4.6 systems.
>
>a) Download the relevant patch from the location below, and verify the
>detached PGP signature using your PGP utility.
>
># fetch
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
># fetch
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
>
>b) Execute the following commands as root:
>
># cd /usr/src
># patch < /path/to/patch
>
>c) Recompile the operating systems as described in
><URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
>
>Note that any statically linked applications that are not part of
>the base system (i.e. from the Ports Collection or other 3rd-party
>sources) must be recompiled.
>
>VI. Correction details
>
>The following list contains the revision numbers of each file that was
>corrected in FreeBSD.
>
>Path Revision
> Branch
>- -------------------------------------------------------------------------
>src/lib/libc/net/gethostbydns.c
> RELENG_4 1.27.2.2
> RELENG_4_6 1.27.10.1
> RELENG_4_5 1.27.8.1
>src/lib/libc/net/getnetbydns.c
> RELENG_4 1.13.2.2
> RELENG_4_6 1.13.2.1.8.1
> RELENG_4_5 1.13.2.1.6.1
>src/lib/libc/net/name6.c
> RELENG_4 1.6.2.6
> RELENG_4_6 1.6.2.5.8.1
> RELENG_4_5 1.6.2.5.6.1
>src/sys/conf/newvers.sh
> RELENG_4_6 1.44.2.23.2.2
> RELENG_4_5 1.44.2.20.2.8
>- -------------------------------------------------------------------------
>
>VII. References
>
><URL:http://www.pine.nl/advisories/pine-cert-20020601.html>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.0.7 (FreeBSD)
>
>iQCVAwUBPRoQOVUuHi5z0oilAQG3cAP/d7Gb2rdkSjZKCR0NI+QzMibgySVTXOtF
>sdoJrYka/XnIpFMVAyXl36bibtRKbwfCyv/rEX39YSas7tqReizwAABoaRF956Qb
>qlek1ONvvd+Tj6+WpEEueX/VdPqGQuqMk0BoguIbOgwAya6ZFYJ9ZKAHHSN9YqO8
>ZGTC8pmqfGI=
>=s76v
>-----END PGP SIGNATURE-----
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security-notifications" in the body of the message

Chris
Zorg Enterprises

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message