Security-Announce archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
NetBSD Security Advisory 2011-003: Exhausting kernel memory from user controlled value
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NetBSD Security Advisory 2011-003
=================================
Topic: Exhausting kernel memory from user controlled value
Version: NetBSD-current: source prior to March 4th, 2011
NetBSD 5.0.*: affected
NetBSD 5.0: affected
NetBSD 5.1: affected
NetBSD 4.0.*: affected
NetBSD 4.0: affected
Severity: local DOS
Fixed: NetBSD-current: March 4th, 2011
NetBSD-5-0 branch: March 7th, 2011
NetBSD-5-1 branch: March 7th, 2011
NetBSD-5 branch: March 7th, 2011
NetBSD-4-0 branch: March 7th, 2011
NetBSD-4 branch: March 7th, 2011
Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.
Abstract
========
Kernel memory can be exhausted by a specially crafted program.
This may cause a panic.
Technical Details
=================
The handler for the kern.proc sysctl tree doesn't sanitize the input
and allocates kernel memory based on a user controllable value (the
number of command arguments).
Depending on the circumstances, this can either exhaust kernel memory
or hit allocation assertions.
The vulnerability was found while refactoring ps_strings access.
Solutions and Workarounds
=========================
Patch, recompile, and reinstall the kernel, then reboot.
CVS branch file revision
------------- ---------------- --------
HEAD src/sys/kern/kern_proc.c 1.172
netbsd-5-0 src/sys/kern/init_sysctl.c 1.149.4.4.2.4
netbsd-5-1 src/sys/kern/init_sysctl.c 1.149.4.7.2.1
netbsd-5 src/sys/kern/init_sysctl.c 1.149.4.8
netbsd-4-0 src/sys/kern/init_sysctl.c 1.93.2.1.6.2
netbsd-4 src/sys/kern/init_sysctl.c 1.93.2.3
The following instructions briefly summarize how to update and
recompile the kernel. In these instructions, replace:
VERSION with the fixed version from the appropriate CVS branch
(from the above table)
FILE with the name of the file from the above table
ARCH with your architecture (from uname -m), and
KERNCONF with the name of your kernel configuration file.
To update from CVS, re-build, and re-install the kernel:
# cd src
# cvs update -r VERSION FILE
# ./build.sh kernel=KERNCONF
# cp sys/arch/ARCH/compile/obj/KERNCONF/netbsd /netbsd.new
# mv /netbsd /netbsd.old && mv /netbsd.new /netbsd
then reboot:
# shutdown -r now
For more information on how to do this, see:
http://www.NetBSD.org/guide/en/chap-kernel.html
Thanks To
=========
Thanks to Joerg Sonnenberger for finding the issue and providing a fix.
Revision History
================
2011-03-08 Initial release
More Information
================
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-003.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .
Copyright 2011, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2011-003.txt.asc,v 1.1 2011/03/08 01:45:21 tonnerre Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (NetBSD)
iQIcBAEBAgAGBQJNdYnyAAoJEAZJc6xMSnBuNlsP/0yuYnwAdZm8VcJd4he+UK3O
lARF0DzKpCixXMi8X3jiUqZReJCeLMAw0Y+SwdBRJz6s+ZZzI2D0Rq86R40A0ZmO
ehhDfWezocrcZMw1rrApS++UBlOCeZ3lTlkwziYIUGfWHhy/1LT7YgwAUHVO9l5H
M/eLEPvltkh/aoNizHAS/OSiEWlwOZ3hNq4TFir6DXVl8uOVOapusx2ca3keT2tw
YX8OcMJX6mp+6o7ROLBijfgnTsgqSWYabLztLG+tsTfQiCKw032iB9OFig91G130
yuyd+vpNUm9delRxNiu7lTkYVllbGwS7iLvelxfVmn4/PuRuvogtjin+N8vEmjRE
s5lILc8xEfbhjKWHQvQVCpa3gyBZf9sRWXdlGxiEBCcOrOzE31xscx18V2CJ5MS6
g037GhCYBSR+8x2fkuJPj/xyoyEqOK9bFCRc0zjIW4iMa0kIHLi93FlX916bhB1p
AP8paZzRpYq26UE5nWbOIuc3E4wky29SxmS4diCTDJB+Pg17rfdyzPbZ4S6enlmE
9xzlEheUnroW9X5bdiNWAmTDdLfwUj7qFSLAZWBU7HIfyE9Qkua3TT5ieDPHhEX8
oi4hiEakNmpnpIIKBFi3V2F0H80Gq6mF25kqVZjO0ySIROaZ6HnBKy9s/qWIFgCA
DDIuInrMt8YIHUeXzwXv
=1xTH
-----END PGP SIGNATURE-----
Home |
Main Index |
Thread Index |
Old Index