<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:12pt"><div>thanks for the info, patched ;)<br><br>FreeBSD tomoyo.sensored.gov.my 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Tue Jan&nbsp; 5 21:11:58 UTC 2010&nbsp;&nbsp;&nbsp;&nbsp; root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC&nbsp; amd64<br><br></div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><font face="Tahoma" size="2"><hr size="1"><b><span style="font-weight: bold;">From:</span></b> Ahmad Arafat Abdullah &lt;trunasuci@gmail.com&gt;<br><b><span style="font-weight: bold;">To:</span></b> pcbsd-malaysia@lists.pcbsd.org; osdcmy-list@googlegroups.com<br><b><span style="font-weight: bold;">Sent:</span></b> Sun, January 10, 2010 5:57:18 AM<br><b><span style="font-weight: bold;">Subject:</span></b> [PCBSD-malaysia] 3 new security advisory for FreeBSD<br></font><br>
<br clear="all">My fellow friends and BSDians..<br><br>3 patches are already out!!<br><br>BIND<br>NTPD<br>ZFS<br><br><br>Sorry for being a little late to announce this.. maybe some of you are already aware of it..<br>Patch your system now...<br><br>
<br><br><br>


<div id="AOLMsgPart_0_5c82d2e8-ed5f-48fa-9e1e-f5ca518b9c1e" style="margin: 0px; font-family: Tahoma,Verdana,Arial,Sans-Serif; font-size: 12px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

<pre style="font-size: 9pt;"><tt>-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>=============================================================================<br>FreeBSD-SA-10:01.bind                                       Security Advisory<br>
                                                          The FreeBSD Project<br><br>Topic:          BIND named(8) cache poisoning with DNSSEC validation<br><br>Category:       contrib<br>Module:         bind<br>Announced:      2010-01-06<br>
Credits:        Michael Sinatra<br>Affects:        All supported versions of FreeBSD.<br>Corrected:      2009-12-11 01:23:58 UTC (RELENG_8, 8.0-STABLE)<br>                2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2)<br>
                2009-12-11 02:23:04 UTC (RELENG_7, 7.2-STABLE)<br>                2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6)<br>                2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10)<br>                2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE)<br>
                2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9)<br>                2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15)<br>CVE Name:       CVE-2009-4022<br><br>For general information regarding FreeBSD Security Advisories,<br>
including descriptions of the fields above, security branches, and the<br><span>following sections, please visit &lt;URL:<a target="_blank" href="http://security.freebsd.org/">http://security.freebsd.org/</a>&gt;.</span><br><br>I.   Background<br>
<br>BIND 9 is an implementation of the Domain Name System (DNS) protocols.<br>The named(8) daemon is an Internet Domain Name Server.<br><br>DNS Security Extensions (DNSSEC) provides data integrity, origin<br>authentication and authenticated denial of existence to resolvers.<br>
<br>II.  Problem Description<br><br>If a client requests DNSSEC records with the Checking Disabled (CD) flag<br>set, BIND may cache the unvalidated responses.  These responses may later<br>be returned to another client that has not set the CD flag.<br>
<br>III. Impact<br><br>If a client can send such queries to a server, it can exploit this<br>problem to mount a cache poisoning attack, seeding the cache with<br>unvalidated information.<br><br>IV.  Workaround<br><br>Disabling DNSSEC validation will prevent BIND from caching unvalidated<br>
records, but also prevent DNSSEC authentication of records.  Systems not<br>using DNSSEC validation are not affected.<br><br>V.   Solution<br><br>Perform one of the following:<br><br>1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE,<br>
or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or<br>RELENG_6_3 security branch dated after the correction date.<br><br>2) To patch your present system:<br><br>The following patches have been verified to apply to FreeBSD 6.3, 6.4,<br>
7.1, 7.2, and 8.0 systems.<br><br>a) Download the relevant patch from the location below, and verify the<br>detached PGP signature using your PGP utility.<br><br>[FreeBSD 6.3]<br><span># fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:01/bind9-63.patch">http://security.freebsd.org/patches/SA-10:01/bind9-63.patch</a></span><br><span>
# fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:01/bind9-63.patch.asc">http://security.freebsd.org/patches/SA-10:01/bind9-63.patch.asc</a></span><br><br>[FreeBSD 6.4]<br><span># fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:01/bind9-64.patch">http://security.freebsd.org/patches/SA-10:01/bind9-64.patch</a></span><br><span>
# fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:01/bind9-64.patch.asc">http://security.freebsd.org/patches/SA-10:01/bind9-64.patch.asc</a></span><br><br>[FreeBSD 7.1]<br><span># fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:01/bind9-71.patch">http://security.freebsd.org/patches/SA-10:01/bind9-71.patch</a></span><br><span>
# fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:01/bind9-71.patch.asc">http://security.freebsd.org/patches/SA-10:01/bind9-71.patch.asc</a></span><br><br>[FreeBSD 7.2]<br><span># fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:01/bind9-72.patch">http://security.freebsd.org/patches/SA-10:01/bind9-72.patch</a></span><br><span>
# fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:01/bind9-72.patch.asc">http://security.freebsd.org/patches/SA-10:01/bind9-72.patch.asc</a></span><br><br>[FreeBSD 8.0]<br><span># fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:01/bind9-80.patch">http://security.freebsd.org/patches/SA-10:01/bind9-80.patch</a></span><br><span>
# fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:01/bind9-80.patch.asc">http://security.freebsd.org/patches/SA-10:01/bind9-80.patch.asc</a></span><br><br>b) Execute the following commands as root:<br><br>
# cd /usr/src<br># patch &lt; /path/to/patch<br># cd /usr/src/lib/bind<br># make obj &amp;&amp; make depend &amp;&amp; make &amp;&amp; make install<br># cd /usr/src/usr.sbin/named<br># make obj &amp;&amp; make depend &amp;&amp; make &amp;&amp; make install<br>
# /etc/rc.d/named restart<br><br>NOTE WELL: Users running FreeBSD 6 and using DNSSEC are advised to get<br>a more recent BIND version with more complete DNSSEC support.  This<br>can be done either by upgrading to FreeBSD 7.x or later, or installing<br>
BIND for the FreeBSD Ports Collection.<br><br>VI.  Correction details<br><br>The following list contains the revision numbers of each file that was<br>corrected in FreeBSD.<br><br>CVS:<br><br>Branch                                                           Revision<br>
  Path<br>- -------------------------------------------------------------------------<br>RELENG_6<br>  src/contrib/bind9/lib/dns/rbtdb.c                           1.1.1.1.4.4<br>  src/contrib/bind9/lib/dns/include/dns/types.h               1.1.1.1.4.2<br>
  src/contrib/bind9/lib/dns/resolver.c                       1.1.1.2.2.11<br>  src/contrib/bind9/lib/dns/masterdump.c                      1.1.1.1.4.3<br>  src/contrib/bind9/lib/dns/validator.c                       1.1.1.2.2.6<br>
  src/contrib/bind9/bin/named/query.c                         1.1.1.1.4.7<br>RELENG_6_4<br>  src/UPDATING                                            1.416.2.40.2.13<br>  src/sys/conf/newvers.sh                                  1.69.2.18.2.15<br>
  src/contrib/bind9/lib/dns/rbtdb.c                       1.1.1.1.4.3.2.1<br>  src/contrib/bind9/lib/dns/include/dns/types.h           1.1.1.1.4.1.4.1<br>  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.2.2.9.2.1<br>
  src/contrib/bind9/lib/dns/masterdump.c                  1.1.1.1.4.1.4.1<br>  src/contrib/bind9/lib/dns/validator.c                   1.1.1.2.2.4.2.1<br>  src/contrib/bind9/bin/named/query.c                     1.1.1.1.4.5.2.1<br>
RELENG_6_3<br>  src/UPDATING                                            1.416.2.37.2.20<br>  src/sys/conf/newvers.sh                                  1.69.2.15.2.19<br>  src/contrib/bind9/lib/dns/rbtdb.c                       1.1.1.1.4.2.2.1<br>
  src/contrib/bind9/lib/dns/include/dns/types.h           1.1.1.1.4.1.2.1<br>  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.2.2.6.2.2<br>  src/contrib/bind9/lib/dns/masterdump.c                  1.1.1.1.4.1.2.1<br>
  src/contrib/bind9/lib/dns/validator.c                   1.1.1.2.2.3.2.1<br>  src/contrib/bind9/bin/named/query.c                     1.1.1.1.4.4.2.1<br>RELENG_7<br>  src/contrib/bind9/lib/dns/rbtdb.c                           1.1.1.4.2.4<br>
  src/contrib/bind9/lib/dns/include/dns/types.h               1.1.1.3.2.2<br>  src/contrib/bind9/lib/dns/resolver.c                        1.1.1.9.2.6<br>  src/contrib/bind9/lib/dns/masterdump.c                      1.1.1.3.2.3<br>
  src/contrib/bind9/lib/dns/validator.c                       1.1.1.6.2.5<br>  src/contrib/bind9/bin/named/query.c                         1.1.1.6.2.4<br>RELENG_7_2<br>  src/UPDATING                                             1.507.2.23.2.9<br>
  src/sys/conf/newvers.sh                                  1.72.2.11.2.10<br>  src/contrib/bind9/lib/dns/rbtdb.c                       1.1.1.4.2.2.2.1<br>  src/contrib/bind9/lib/dns/include/dns/types.h               1.1.1.3.8.1<br>
  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.9.2.4.2.1<br>  src/contrib/bind9/lib/dns/masterdump.c                  1.1.1.3.2.1.2.1<br>  src/contrib/bind9/lib/dns/validator.c                   1.1.1.6.2.3.2.1<br>
  src/contrib/bind9/bin/named/query.c                     1.1.1.6.2.2.2.1<br>RELENG_7_1<br>  src/UPDATING                                            1.507.2.13.2.13<br>  src/sys/conf/newvers.sh                                   1.72.2.9.2.14<br>
  src/contrib/bind9/lib/dns/rbtdb.c                       1.1.1.4.2.1.4.1<br>  src/contrib/bind9/lib/dns/include/dns/types.h               1.1.1.3.6.1<br>  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.9.2.3.2.1<br>
  src/contrib/bind9/lib/dns/masterdump.c                      1.1.1.3.6.1<br>  src/contrib/bind9/lib/dns/validator.c                   1.1.1.6.2.1.4.1<br>  src/contrib/bind9/bin/named/query.c                     1.1.1.6.2.1.4.1<br>
RELENG_8<br>  src/contrib/bind9/lib/dns/rbtdb.c                               1.3.2.2<br>  src/contrib/bind9/lib/dns/include/dns/types.h                   1.2.2.2<br>  src/contrib/bind9/lib/dns/resolver.c                            1.6.2.2<br>
  src/contrib/bind9/lib/dns/masterdump.c                          1.3.2.2<br>  src/contrib/bind9/lib/dns/validator.c                           1.4.2.2<br>  src/contrib/bind9/bin/named/query.c                             1.3.2.2<br>
RELENG_8_0<br>  src/UPDATING                                              1.632.2.7.2.5<br>  src/sys/conf/newvers.sh                                    1.83.2.6.2.5<br>  src/contrib/bind9/lib/dns/rbtdb.c                               1.3.4.1<br>
  src/contrib/bind9/lib/dns/include/dns/types.h                   1.2.4.1<br>  src/contrib/bind9/lib/dns/resolver.c                            1.6.4.1<br>  src/contrib/bind9/lib/dns/masterdump.c                          1.3.4.1<br>
  src/contrib/bind9/lib/dns/validator.c                           1.4.4.1<br>  src/contrib/bind9/bin/named/query.c                             1.3.4.1<br>- -------------------------------------------------------------------------<br>
<br>Subversion:<br><br>Branch/path                                                      Revision<br>- -------------------------------------------------------------------------<br>stable/6/                                                         r200394<br>
releng/6.4/                                                       r201679<br>releng/6.3/                                                       r201679<br>stable/7/                                                         r200393<br>
releng/7.2/                                                       r201679<br>releng/7.1/                                                       r201679<br>stable/8/                                                         r200383<br>
releng/8.0/                                                       r201679<br>head/                                                             r199958<br>- -------------------------------------------------------------------------<br>
<br>VII. References<br><br><a rel="nofollow" target="_blank" href="https://www.isc.org/node/504">https://www.isc.org/node/504</a><br><span><a target="_blank" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022</a></span><br>
<br>The latest revision of this advisory is available at<br><span><a target="_blank" href="http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc">http://security.freebsd.org/advisories/FreeBSD-SA-10:01.bind.asc</a></span><br>
-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.10 (FreeBSD)<br><br>iD8DBQFLRQ9dFdaIBMps37IRAip+AJ0S55AYqLsrwrLLMo8Qi6fGxoH7EQCfU/6K<br>RUb5Kn+O1qc/FUzEQ12AmrA=<br>=Pfoo<br>-----END PGP SIGNATURE-----<br>_______________________________________________<br>
<a rel="nofollow" ymailto="mailto:freebsd-security-notifications@freebsd.org" target="_blank" href="mailto:freebsd-security-notifications@freebsd.org">freebsd-security-notifications@freebsd.org</a> mailing list<br><span><a target="_blank" href="http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications">http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications</a></span><br>
To unsubscribe, send any mail to "<a rel="nofollow" ymailto="mailto:freebsd-security-notifications-unsubscribe@freebsd.org" target="_blank" href="mailto:freebsd-security-notifications-unsubscribe@freebsd.org">freebsd-security-notifications-unsubscribe@freebsd.org</a>"<br><br><br><br><br><br><br>========================================================================================================================<br>
<br><br><br></tt><br><br><br></pre><div id="AOLMsgPart_0_dabb600c-c802-45bc-8699-44ea0bed0e82" style="margin: 0px; font-family: Tahoma,Verdana,Arial,Sans-Serif; font-size: 12px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">


<pre style="font-size: 9pt;"><tt>-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>=============================================================================<br>FreeBSD-SA-10:02.ntpd                                       Security Advisory<br>
                                                          The FreeBSD Project<br><br>Topic:          ntpd mode 7 denial of service<br><br>Category:       contrib<br>Module:         ntpd<br>Announced:      2010-01-06<br>Affects:        All supported versions of FreeBSD.<br>
Corrected:      2010-01-06 21:45:30 UTC (RELENG_8, 8.0-STABLE)<br>                2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2)<br>                2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE)<br>                2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6)<br>
                2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10)<br>                2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE)<br>                2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9)<br>                2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15)<br>
CVE Name:       CVE-2009-3563<br><br>For general information regarding FreeBSD Security Advisories,<br>including descriptions of the fields above, security branches, and the<br>following sections, please visit &lt;URL:<a rel="nofollow" target="_blank" href="http://security.freebsd.org/">http://security.FreeBSD.org/</a>&gt;.<br>
<br>I.   Background<br><br>The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)<br>used to synchronize the time of a computer system to a reference time<br>source.<br><br>II.  Problem Description<br>
<br>If ntpd receives a mode 7 (MODE_PRIVATE) request or error response<br>from a source address not listed in either a 'restrict ... noquery'<br>or a 'restrict ... ignore' section it will log the event and send<br>
a mode 7 error response.<br><br>III. Impact<br><br>If an attacker can spoof such a packet from a source IP of an affected<br>ntpd to the same or a different affected ntpd, the host(s) will endlessly<br>send error responses to each other and log each event, consuming network<br>
bandwidth, CPU and possibly disk space.<br><br>IV.  Workaround<br><br>Proper filtering of mode 7 NTP packets by a firewall can limit the<br>number of systems used to attack your resources.<br><br>V.   Solution<br><br>Perform one of the following:<br>
<br>1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE,<br>or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or<br>RELENG_6_3 security branch dated after the correction date.<br><br>2) To patch your present system:<br>
<br>The following patches have been verified to apply to FreeBSD 6.3, 6.4,<br>7.1, 7.2, and 8.0 systems.<br><br>a) Download the relevant patch from the location below, and verify the<br>detached PGP signature using your PGP utility.<br>
<br><span># fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:02/ntpd.patch">http://security.freebsd.org/patches/SA-10:02/ntpd.patch</a></span><br><span># fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:02/ntpd.patch.asc">http://security.freebsd.org/patches/SA-10:02/ntpd.patch.asc</a></span><br>
<br>b) Execute the following commands as root:<br><br># cd /usr/src<br># patch &lt; /path/to/patch<br># cd /usr/src/usr.sbin/ntp/ntpd<br># make obj &amp;&amp; make depend &amp;&amp; make &amp;&amp; make install<br># /etc/rc.d/ntpd restart<br>
<br>VI.  Correction details<br><br>The following list contains the revision numbers of each file that was<br>corrected in FreeBSD.<br><br>CVS:<br><br>Branch                                                           Revision<br>
  Path<br>- -------------------------------------------------------------------------<br>RELENG_6<br>  src/contrib/ntp/ntpd/ntp_request.c                          1.1.1.4.8.2<br>RELENG_6_4<br>  src/UPDATING                                            1.416.2.40.2.13<br>
  src/sys/conf/newvers.sh                                  1.69.2.18.2.15<br>  src/contrib/ntp/ntpd/ntp_request.c                      1.1.1.4.8.1.2.1<br>RELENG_6_3<br>  src/UPDATING                                            1.416.2.37.2.20<br>
  src/sys/conf/newvers.sh                                  1.69.2.15.2.19<br>  src/contrib/ntp/ntpd/ntp_request.c                         1.1.1.4.20.1<br>RELENG_7<br>  src/contrib/ntp/ntpd/ntp_request.c                         1.1.1.4.18.2<br>
RELENG_7_2<br>  src/UPDATING                                             1.507.2.23.2.9<br>  src/sys/conf/newvers.sh                                  1.72.2.11.2.10<br>  src/contrib/ntp/ntpd/ntp_request.c                     1.1.1.4.18.1.4.1<br>
RELENG_7_1<br>  src/UPDATING                                            1.507.2.13.2.13<br>  src/sys/conf/newvers.sh                                   1.72.2.9.2.14<br>  src/contrib/ntp/ntpd/ntp_request.c                     1.1.1.4.18.1.2.1<br>
RELENG_8<br>  src/contrib/ntp/ntpd/ntp_request.c                              1.2.2.1<br>RELENG_8_0<br>  src/UPDATING                                              1.632.2.7.2.5<br>  src/sys/conf/newvers.sh                                    1.83.2.6.2.5<br>
  src/contrib/ntp/ntpd/ntp_request.c                              1.2.4.1<br>- -------------------------------------------------------------------------<br><br>Subversion:<br><br>Branch/path                                                      Revision<br>
- -------------------------------------------------------------------------<br>stable/6/                                                         r201679<br>releng/6.4/                                                       r201679<br>
releng/6.3/                                                       r201679<br>stable/7/                                                         r201679<br>releng/7.2/                                                       r201679<br>
releng/7.1/                                                       r201679<br>stable/8/                                                         r201679<br>releng/8.0/                                                       r201679<br>
head/                                                             r200576<br>- -------------------------------------------------------------------------<br><br>VII. References<br><br><span><a target="_blank" href="http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode">http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode</a></span><br>
<a rel="nofollow" target="_blank" href="https://support.ntp.org/bugs/show_bug.cgi?id=1331">https://support.ntp.org/bugs/show_bug.cgi?id=1331</a><br><span><a target="_blank" href="http://www.kb.cert.org/vuls/id/568372">http://www.kb.cert.org/vuls/id/568372</a></span><br><span>
<a target="_blank" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563</a></span><br><br>The latest revision of this advisory is available at<br><span><a target="_blank" href="http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc">http://security.freebsd.org/advisories/FreeBSD-SA-10:02.ntpd.asc</a></span><br>
-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.10 (FreeBSD)<br><br>iD8DBQFLRQ9gFdaIBMps37IRAuH1AJ9eOII8McK5332jhuBHEMxAUbWKNQCghYfs<br>y66+ElAr2uZrrXwerlVETPc=<br>=yJm1<br>-----END PGP SIGNATURE-----<br></tt></pre>
</div> 

</div> 

<br><br>=========================================================================================================================<br><br><br><br><br><br>


<div id="AOLMsgPart_0_ab979cb7-b078-465a-b73c-86d0c9d5917f" style="margin: 0px; font-family: Tahoma,Verdana,Arial,Sans-Serif; font-size: 12px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

<pre style="font-size: 9pt;"><tt>-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>=============================================================================<br>FreeBSD-SA-10:03.zfs                                        Security Advisory<br>
                                                          The FreeBSD Project<br><br>Topic:          ZFS ZIL playback with insecure permissions<br><br>Category:       contrib<br>Module:         zfs<br>Announced:      2010-01-06<br>
Credits:        Pawel Jakub Dawidek<br>Affects:        FreeBSD 7.0 and later.<br>Corrected:      2009-11-14 11:59:59 UTC (RELENG_8, 8.0-STABLE)<br>                2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2)<br>                2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE)<br>
                2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6)<br>                2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10)<br><br>For general information regarding FreeBSD Security Advisories,<br>including descriptions of the fields above, security branches, and the<br>
following sections, please visit &lt;URL:<a rel="nofollow" target="_blank" href="http://security.freebsd.org/">http://security.FreeBSD.org/</a>&gt;.<br><br>I.   Background<br><br>ZFS is a file-system originally developed by Sun Microsystems.<br>
<br>The ZFS Intent Log ("ZIL") is a mechanism that gathers together in memory<br>transactions of writes, and is flushed onto disk when synchronous<br>semantics is necessary.  In the event of crash or power failure, the<br>
log is examined and the uncommitted transaction would be replayed to<br>maintain the synchronous semantics.<br><br>II.  Problem Description<br><br>When replaying setattr transaction, the replay code would set the<br>attributes with certain insecure defaults, when the logged<br>
transaction did not touch these attributes.<br><br>III. Impact<br><br>A system crash or power fail would leave some file with mode set<br>to 07777.  This could leak sensitive information or cause privilege<br>escalation.<br>
<br>IV.  Workaround<br><br>No workaround is available, but systems not using ZFS are not<br>vulnerable.<br><br>V.   Solution<br><br>Perform one of the following:<br><br>1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the<br>
RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated after the<br>correction date.<br><br>2) To patch your present system:<br><br>The following patches have been verified to apply to FreeBSD 7.1, 7.2,<br>and 8.0 systems.<br>
<br>a) Download the relevant patch from the location below, and verify the<br>detached PGP signature using your PGP utility.<br><br>[FreeBSD 7.x]<br><span># fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:03/zfs712.patch">http://security.freebsd.org/patches/SA-10:03/zfs712.patch</a></span><br><span>
# fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:03/zfs712.patch.asc">http://security.freebsd.org/patches/SA-10:03/zfs712.patch.asc</a></span><br><br>[FreeBSD 8.0]<br><span># fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:03/zfs.patch">http://security.freebsd.org/patches/SA-10:03/zfs.patch</a></span><br><span>
# fetch <a target="_blank" href="http://security.freebsd.org/patches/SA-10:03/zfs.patch.asc">http://security.freebsd.org/patches/SA-10:03/zfs.patch.asc</a></span><br><br>b) Apply the patch.<br><br># cd /usr/src<br># patch &lt; /path/to/patch<br>
<br>c) Recompile your kernel as described in<br><span>&lt;URL:<a target="_blank" href="http://www.freebsd.org/handbook/kernelconfig.html">http://www.freebsd.org/handbook/kernelconfig.html</a>&gt; and reboot the</span><br>system.<br><br>
3) Examine the system and look for affected files.<br><br>These files can be identified with the following command:<br><br># find / -perm -7777 -print0 | xargs -0 ls -ld<br><br>The system administrator will have to correct these problems if there<br>
are any files with such permission modes.  For example:<br><br># find / -perm -7777 -print0 | xargs -0 chmod u=rwx,go=<br><br>Will reset access mode bits to be readable, writable and executable<br>by the owner only.  The system administrator should determine the<br>
appropriate mode bits wisely.<br><br>VI.  Correction details<br><br>The following list contains the revision numbers of each file that was<br>corrected in FreeBSD.<br><br>CVS:<br><br>Branch                                                           Revision<br>
  Path<br>- -------------------------------------------------------------------------<br>RELENG_7<br>  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c 1.6.2.3<br>RELENG_7_2<br>  src/UPDATING                                             1.507.2.23.2.9<br>
  src/sys/conf/newvers.sh                                  1.72.2.11.2.10<br>  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c<br>                                                              1.6.2.1.4.1<br>
RELENG_7_1<br>  src/UPDATING                                            1.507.2.13.2.13<br>  src/sys/conf/newvers.sh                                   1.72.2.9.2.14<br>  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c<br>
                                                              1.6.2.1.2.1<br>RELENG_8<br>  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c 1.8.2.2<br>RELENG_8_0<br>  src/UPDATING                                              1.632.2.7.2.5<br>
  src/sys/conf/newvers.sh                                    1.83.2.6.2.5<br>  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c 1.8.4.1<br>- -------------------------------------------------------------------------<br>
<br>Subversion:<br><br>Branch/path                                                      Revision<br>- -------------------------------------------------------------------------<br>stable/7/                                                         r201679<br>
releng/7.2/                                                       r201679<br>releng/7.1/                                                       r201679<br>stable/8/                                                         r199266<br>
releng/8.0/                                                       r201679<br>head/                                                             r199157<br>- -------------------------------------------------------------------------<br>
<br>VII. References<br><br>The latest revision of this advisory is available at<br><span><a target="_blank" href="http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc">http://security.freebsd.org/advisories/FreeBSD-SA-10:03.zfs.asc</a></span><br>
-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.10 (FreeBSD)<br><br>iD8DBQFLRRILFdaIBMps37IRAnI3AJ9ioK1Bbg++DpPYW/RX9wnujAeJxACff+Ph<br>oEIfaiJ5y/DoGhklcAJdXTU=<br>=JPje<br>-----END PGP SIGNATURE-----<br><br><br><br>
</tt></pre>
</div> 

-- <br># uname -a<br>NetBSD &nbsp;5.0 NetBSD 5.0 (GENERIC) #0: Sun Apr 26 18:50:08 UTC 2009 &nbsp;builds@b6.netbsd.org:/home/builds/ab/netbsd-5-0-RELEASE/i386/200904260229Z-obj/home/builds/ab/netbsd-5-0-RELEASE/src/sys/arch/i386/compile/GENERIC i386<br>
<br>
</div></div>
</div><br>
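The review step from part 3 of the FreeBSD-SA-10:03.zfs advisory quoted above, as an added example that is not part of the original e-mail or of the FreeBSD advisory: it lists every entry that has all of mode 07777 set, with its type and owner, so each one can be given an appropriate mode instead of a blanket chmod. The function names are hypothetical, and the output is line-based, so it assumes path names without newlines.

```shell
#!/bin/sh
# Added example (not from the advisory): triage entries left at mode 07777
# by the ZIL replay bug before deciding on the correct mode for each.

# list_mode_7777 ROOT
# Print "<type> <owner> <path>" for every entry under ROOT whose mode has
# all of the 07777 bits set. -xdev keeps the walk on a single file system.
list_mode_7777() {
    find "$1" -xdev -perm -7777 -exec sh -c '
        for p do
            if [ -d "$p" ]; then t=dir
            elif [ -f "$p" ]; then t=file
            else t=other
            fi
            # Third field of "ls -ld" is the owner on both BSD and GNU ls.
            o=$(ls -ld "$p" | awk "{print \$3}")
            printf "%s %s %s\n" "$t" "$o" "$p"
        done' sh {} +
}

# count_mode_7777 ROOT
# Number of affected entries under ROOT.
count_mode_7777() {
    list_mode_7777 "$1" | wc -l | tr -d ' '
}

# root_owned_files ROOT
# Only regular files owned by root: setuid root and world-writable at the
# same time, so these are the entries to review first.
root_owned_files() {
    list_mode_7777 "$1" | awk '$1 == "file" && $2 == "root"'
}

# Stand-alone use: sh audit7777.sh /some/zfs/mountpoint
if [ "$#" -gt 0 ]; then
    echo "entries with mode 07777 under $1: $(count_mode_7777 "$1")"
    list_mode_7777 "$1"
    echo "root-owned regular files (review first):"
    root_owned_files "$1"
fi
```
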

      </body></html>