Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
NetBSD Security Advisory 2013-006: Arbitrary Kernel Read with netstat -P
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NetBSD Security Advisory 2013-006
=================================
Topic: Arbitrary Kernel Read with netstat -P
Version: NetBSD-current: source prior to Jun 21st, 2013
NetBSD 6.0: affected
NetBSD 6.0.*: affected
NetBSD 6.1: affected
NetBSD 5.1: affected
NetBSD 5.2: affected
Severity: Information Disclosure
Fixed: NetBSD-current: June 20th, 2013
NetBSD-6-0 branch: July 29th, 2013
NetBSD-6-1 branch: July 29th, 2013
NetBSD-6 branch: July 29th, 2013
NetBSD-5-1 branch: July 30th, 2013
NetBSD-5-2 branch: July 30th, 2013
NetBSD-5 branch: July 30th, 2013
Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.
Abstract
========
netstat -P may disclose contents of kernel memory that aren't Protocol
Control Blocks.
Technical Details
=================
netstat -P does not check whether the address it gets called with is
actually pointing to a Protocol Control Block, nor whether (if it is
a PCB) the reader should have privileges to read it. This allows a
malicious user to study arbitrary sections of kernel memory.
Solutions and Workarounds
=========================
Workaround:
Remove the setgid flag from netstat (chmod 555 /usr/bin/netstat).
Solutions:
- - Install a new netstat binary from a daily build later than the
fix date from the same branch: fetch from
http://nyftp.NetBSD.org/pub/NetBSD-daily/<branch>/<date>/<arch>/
the file binary/sets/base.tgz
cd / && tar xzpf <base.tgz-path> ./usr/bin/netstat
- - Rebuild your system with the fixes applied.
HEAD netbsd-6 netbsd-6-1 netbsd-6-0
src/usr.bin/netstat/inet.c 1.103 1.101.2.1 1.101.14.1 1.101.8.1
src/usr.bin/netstat/inet6.c 1.62 1.59.6.1 1.59.16.1 1.59.12.1
src/usr.bin/netstat/main.c 1.86 1.81.4.1 1.81.10.1 1.81.8.1
src/usr.bin/netstat/netstat.h 1.47 1.43.4.1 1.43.10.1 1.43.8.1
netbsd-5 netbsd-5-2 netbsd-5-1
src/usr.bin/netstat/inet.c 1.88.6.2 1.88.6.1.10.1 1.88.6.1.6.1
src/usr.bin/netstat/inet6.c 1.50.6.2 1.50.6.1.10.1 1.50.6.1.6.1
src/usr.bin/netstat/main.c 1.70.4.1 1.70.2.1 1.70.12.1
src/usr.bin/netstat/netstat.h 1.36.8.1 1.36.6.1 1.36.16.1
Thanks To
=========
Thanks to Beverly Schwartz for finding the problem, and informing
the NetBSD Security Officer about it.
Revision History
================
2013-07-30 Initial release
More Information
================
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-006.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .
Copyright 2013, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2013-006.txt,v 1.2 2013/07/30 20:44:22 tonnerre Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJR+CYEAAoJEAZJc6xMSnBuUNQP/R5ky2UAEDkRrzkuVHU0Hufr
PxOfq5U4Y34nUZQ7IOrZbieBcCuuMNnkQ+Ckm4cSlIGMo5Tv1E2+wTlssS+3A92c
3+FbDe3DYxbKrKP9oHl5AHD+eOAZ0Vx3UlrgK3qAKuEGIxoCLFbIz5LvR9sIJI2S
1Fsxp0705B1pqpkIUN+kZofNe/yFE6JSOnna5bc/inNfBNE18L4sdTGmBQdEloxz
8br2II3uVWMN/9nro8vGKG+NfuWRCr0+mLD7oQ9/csa0gSBKCd6zL7goJruNKNSk
N8js85jz6fZIOFuy8WwD2cAJ1zHAaJvoFMQ48HFOTkFzlUqV+NmmTIKZbLlgUFD5
VxzYOVt7cZLuv3tLlVJapKNLTOS3+fQrsG3iAsnc+N55M+zbd1b11STURT/H/KGv
+FhKmfsAitYTXBptRXv9masJMzfhvUo5vdSpZ3NT2z2ceQx/czW7C08JCqYDOCpd
uROm5CzIRRVHoAIqwdUBb+RcoG9ANTlok5X3SYDdmP2pZh5obXKIP8Bfy8BWusqm
Nc5wf+lix/9egzht9nOH8Hlq4ioix4kAvJZ3wW4Jfln0tCPattm55iTt0DYk7o5G
8+O4pEcccyokqZiZDihv8T1sICWgnAi7B0Rar4YixthT2Rky8C05QGlGVKZZcbyb
ep0P++Vom2F/4t1iFsyq
=ZpXK
-----END PGP SIGNATURE-----
Home |
Main Index |
Thread Index |
Old Index