On Sat, Oct 3, 2009 at 3:12 AM, FreeBSD Security Advisories <security-advisor...@freebsd.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================= > FreeBSD-SA-09:14.devfs Security Advisory > The FreeBSD Project > > Topic: Devfs / VFS NULL pointer race condition > > Category: core > Module: kern > Announced: 2009-10-02 > Credits: Przemyslaw Frasunek > Affects: FreeBSD 6.x and 7.x > Corrected: 2009-05-18 10:41:59 UTC (RELENG_7, 7.2-STABLE) > 2009-10-02 18:09:56 UTC (RELENG_7_2, 7.2-RELEASE-p4) > 2009-10-02 18:09:56 UTC (RELENG_7_1, 7.1-RELEASE-p8) > 2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE) > 2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7) > 2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13) > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:http://security.FreeBSD.org/>. > > I. Background > > The device file system (devfs) provides access to system devices, such as > storage devices and serial ports, via the file system namespace. > > VFS is the Virtual File System, which abstracts file system operations in > the kernel from the actual underlying file system. > > II. Problem Description > > Due to the interaction between devfs and VFS, a race condition exists > where the kernel might dereference a NULL pointer. > > III. Impact > > Successful exploitation of the race condition can lead to local kernel > privilege escalation, kernel data corruption and/or crash. > > To exploit this vulnerability, an attacker must be able to run code with user > privileges on the target system. > > IV. Workaround > > An errata note, FreeBSD-EN-09:05.null has been released simultaneously to > this advisory, and contains a kernel patch implementing a workaround for a > more broad class of vulnerabilities. However, prior to those changes, no > workaround is available. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the > RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch > dated after the correction date. > > 2) To patch your present system: > > The following patches have been verified to apply to FreeBSD 6.3, 6.4, > 7.1, and 7.2 systems. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > [FreeBSD 6.x] > # fetch http://security.FreeBSD.org/patches/SA-09:14/devfs6.patch > # fetch http://security.FreeBSD.org/patches/SA-09:14/devfs6.patch.asc > > [FreeBSD 7.x] > # fetch http://security.FreeBSD.org/patches/SA-09:14/devfs7.patch > # fetch http://security.FreeBSD.org/patches/SA-09:14/devfs7.patch.asc > > b) Apply the patch. > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile your kernel as described in > <URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the > system. > > VI. Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > CVS: > > Branch Revision > Path > - ------------------------------------------------------------------------- > RELENG_6 > src/sys/fs/devfs/devfs_vnops.c 1.114.2.17 > RELENG_6_4 > src/UPDATING 1.416.2.40.2.11 > src/sys/conf/newvers.sh 1.69.2.18.2.13 > src/sys/fs/devfs/devfs_vnops.c 1.114.2.16.2.2 > RELENG_6_3 > src/UPDATING 1.416.2.37.2.18 > src/sys/conf/newvers.sh 1.69.2.15.2.17 > src/sys/fs/devfs/devfs_vnops.c 1.114.2.15.2.1 > RELENG_7 > src/sys/fs/devfs/devfs_vnops.c 1.149.2.9 > RELENG_7_2 > src/UPDATING 1.507.2.23.2.7 > src/sys/conf/newvers.sh 1.72.2.11.2.8 > src/sys/fs/devfs/devfs_vnops.c 1.149.2.8.2.2 > RELENG_7_1 > src/UPDATING 1.507.2.13.2.11 > src/sys/conf/newvers.sh 1.72.2.9.2.12 > src/sys/fs/devfs/devfs_vnops.c 1.149.2.4.2.2 > - ------------------------------------------------------------------------- > > Subversion: > > Branch/path Revision > - ------------------------------------------------------------------------- > stable/6/ r197715 > releng/6.4/ r197715 > releng/6.3/ r197715 > stable/7/ r192301 > releng/7.2/ r197715 > releng/7.1/ r197715 > - ------------------------------------------------------------------------- > > VII. References > > The latest revision of this advisory is available at > http://security.FreeBSD.org/advisories/FreeBSD-SA-09:14.devfs.asc > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (FreeBSD) > > iD8DBQFKxltlFdaIBMps37IRAp4zAJwJEwIySGqxH4EXwc0wjkDXlcTb1wCfTltO > Syds53GSM0YbsMNUVMGsLaU= > =exPZ > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org" >
Hi folks, I just got some problem when compling my kerne. Here we go: rm -f hack.c MAKE=make sh /usr/src/sys/conf/newvers.sh WILLSZPROXY cc -c -O -pipe -std=c99 -g -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc -I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100 --param large-function-growth=1000 -mno-align-long-strings -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -mno-sse3 -ffreestanding -Werror vers.c linking kernel.debug kern_fork.o(.text+0x1d18): In function `fork1': /usr/src/sys/kern/kern_fork.c:737: undefined reference to `knote_fork' *** Error code 1 Stop in /usr/obj/usr/src/sys/WILLSZPROXY. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. My box running FreeBSD 7.2-STABLE. Thanks in advance. -- budsz _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"