No running daemons with listening ports effected that could trigger it? -- Jason Hellenthal JJH48-ARIN - (2^(N-1)) On Feb 19, 2013, at 10:48, "Philip M. Gollucci" <[email protected]> wrote: > This is an internal only vuln with local user account. I see no need to > rush this one. We'll pick it up at a later date. > > > On Tue, Feb 19, 2013 at 9:04 AM, FreeBSD Security Advisories < > [email protected]> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> ============================================================================= >> FreeBSD-SA-13:02.libc Security >> Advisory >> The FreeBSD >> Project >> >> Topic: glob(3) related resource exhaustion >> >> Category: core >> Module: libc >> Announced: 2013-02-19 >> Affects: All supported versions of FreeBSD. >> Corrected: 2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE) >> 2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12) >> 2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE) >> 2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6) >> 2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE) >> 2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6) >> 2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1) >> CVE Name: CVE-2010-2632 >> >> For general information regarding FreeBSD Security Advisories, >> including descriptions of the fields above, security branches, and the >> following sections, please visit <URL:http://security.FreeBSD.org/>. >> >> I. Background >> >> The glob(3) function is a pathname generator that implements the rules for >> file name pattern matching used by the shell. >> >> II. Problem Description >> >> GLOB_LIMIT is supposed to limit the number of paths to prevent against >> memory or CPU attacks. The implementation however is insufficient. >> >> III. Impact >> >> An attacker that is able to exploit this vulnerability could cause >> excessive >> memory or CPU usage, resulting in a Denial of Service. A common target for >> a remote attacker could be ftpd(8). >> >> IV. Workaround >> >> No workaround is available. >> >> V. Solution >> >> Perform one of the following: >> >> 1) Upgrade your vulnerable system to a supported FreeBSD stable or >> release / security branch (releng) dated after the correction date. >> >> 2) To update your vulnerable system via a source code patch: >> >> The following patches have been verified to apply to the applicable >> FreeBSD release branches. >> >> a) Download the relevant patch from the location below, and verify the >> detached PGP signature using your PGP utility. >> >> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch >> # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc >> # gpg --verify libc.patch.asc >> >> b) Execute the following commands as root: >> >> # cd /usr/src >> # patch < /path/to/patch >> >> Recompile the operating system using buildworld and installworld as >> described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. >> >> Restart all daemons, or reboot the system. >> >> 3) To update your vulnerable system via a binary patch: >> >> Systems running a RELEASE version of FreeBSD on the i386 or amd64 >> platforms can be updated via the freebsd-update(8) utility: >> >> # freebsd-update fetch >> # freebsd-update install >> >> Restart all daemons, or reboot the system. >> >> VI. Correction details >> >> The following list contains the revision numbers of each file that was >> corrected in FreeBSD. >> >> Branch/path Revision >> - ------------------------------------------------------------------------- >> stable/7/ r246357 >> releng/7.4/ r246989 >> stable/8/ r246357 >> releng/8.3/ r246989 >> stable/9/ r246357 >> releng/9.0/ r246989 >> releng/9.1/ r246989 >> - ------------------------------------------------------------------------- >> >> VII. References >> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632 >> >> The latest revision of this advisory is available at >> http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.12 (FreeBSD) >> >> iEYEARECAAYFAlEjf80ACgkQFdaIBMps37JFUgCfUrw8Ky4U19COja6fna49Calv >> z/YAn1JSGxzHCo8vLj4XhtXqrQt68or4 >> =mCPv >> -----END PGP SIGNATURE----- >> _______________________________________________ >> [email protected] mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to "[email protected] >> " >> > > > > -- > --------------------------------------------------------------------------------------------- > 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C > Philip M. Gollucci ([email protected]) c: 703.336.9354 > Member, Apache Software Foundation > Committer, FreeBSD Foundation > Consultant, P6M7G8 Inc. > Director Operations, Ridecharge Inc. > > Work like you don't need the money, > love like you'll never get hurt, > and dance like nobody's watching. > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "[email protected]" _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"