Re: Default password hash

2012-06-12 Thread Dag-Erling Smørgrav
The attached patch backports support for sha256 and sha512 hashes to
stable/7.  It is not an exact MFH because the sha code in head uses
stpncpy(), which is not present in stable/7's libc.

DES
-- 
Dag-Erling Smørgrav - d...@des.no

Index: lib/libcrypt
===
--- lib/libcrypt	(revision 236892)
+++ lib/libcrypt	(working copy)

Property changes on: lib/libcrypt
___
Added: svn:mergeinfo
   Merged /head/gnu/libcrypt:r183242
   Merged /head/lib/libcrypt:r179308,183242,213738,213814,213903,216591,220497-220498,221142,221471,227006,234132
Index: lib/libcrypt/crypt.c
===
--- lib/libcrypt/crypt.c	(revision 236892)
+++ lib/libcrypt/crypt.c	(working copy)
@@ -63,6 +63,16 @@
 		$3$
 	},
 	{
+		sha256,
+		crypt_sha256,
+		$5$
+	},
+	{
+		sha512,
+		crypt_sha512,
+		$6$
+	},
+	{
 		NULL,
 		NULL,
 		NULL
Index: lib/libcrypt/crypt-sha512.c
===
--- lib/libcrypt/crypt-sha512.c	(working copy)
+++ lib/libcrypt/crypt-sha512.c	(working copy)
@@ -60,7 +60,7 @@
 #define ROUNDS_MAX 9
 
 static char *
-sha512_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
+crypt_sha512_r(const char *key, const char *salt, char *buffer, int buflen)
 {
 	u_long srounds;
 	int n;
@@ -210,7 +210,9 @@
 
 	/* Now we can construct the result string. It consists of three
 	 * parts. */
-	cp = stpncpy(buffer, sha512_salt_prefix, MAX(0, buflen));
+	cp = buffer;
+	strncpy(buffer, sha512_salt_prefix, MAX(0, buflen));
+	cp += sizeof(sha512_salt_prefix) - 1;
 	buflen -= sizeof(sha512_salt_prefix) - 1;
 
 	if (rounds_custom) {
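Review bot: `cp += sizeof(sha512_salt_prefix) - 1;` advances cp by the full prefix length even when buflen is shorter than the prefix, whereas the replaced stpncpy() call stopped at `buffer + MAX(0, buflen)`, so cp can now point past the end of the caller's buffer. Later writes look gated on buflen (the `MAX(0, buflen)` bounds and the buflen check after the salt copy), so this is probably latent, but clamping keeps the backport equivalent to head: `cp += MIN((size_t)MAX(0, buflen), sizeof(sha512_salt_prefix) - 1);`. The same applies to the crypt-sha256.c prefix hunk (`@@ -210,7 +210,9 @@`) and to the repeated copy of the patch further down the page. The salt hunks (`@@ -221,7 +223,8 @@`) do clamp, but they match stpncpy() only if salt has at least salt_len bytes before its NUL, which depends on how salt_len is computed outside the hunk. The function body starts and ends outside this hunk.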
@@ -221,7 +223,8 @@
 		buflen -= n;
 	}
 
-	cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
+	strncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
+	cp += MIN((size_t)MAX(0, buflen), salt_len);
 	buflen -= MIN((size_t)MAX(0, buflen), salt_len);
 
 	if (buflen  0) {
@@ -280,12 +283,12 @@
 
 /* This entry point is equivalent to crypt(3). */
 char *
-sha512_crypt(const char *key, const char *salt)
+crypt_sha512(const char *key, const char *salt)
 {
 	/* We don't want to have an arbitrary limit in the size of the
 	 * password. We can compute an upper bound for the size of the
 	 * result in advance and so we can prepare the buffer we pass to
-	 * `sha512_crypt_r'. */
+	 * `crypt_sha512_r'. */
 	static char *buffer;
 	static int buflen;
 	int needed;
@@ -305,7 +308,7 @@
 		buflen = needed;
 	}
 
-	return sha512_crypt_r(key, salt, buffer, buflen);
+	return crypt_sha512_r(key, salt, buffer, buflen);
 }
 
 #ifdef TEST
@@ -482,7 +485,7 @@
 	}
 
 	for (cnt = 0; cnt  ntests2; ++cnt) {
-		char *cp = sha512_crypt(tests2[cnt].input, tests2[cnt].salt);
+		char *cp = crypt_sha512(tests2[cnt].input, tests2[cnt].salt);
 
 		if (strcmp(cp, tests2[cnt].expected) != 0) {
 			printf(test %d: expected \%s\, got \%s\\n,
Index: lib/libcrypt/crypt.h
===
--- lib/libcrypt/crypt.h	(revision 236892)
+++ lib/libcrypt/crypt.h	(working copy)
@@ -36,5 +36,8 @@
 char *crypt_md5(const char *pw, const char *salt);
 char *crypt_nthash(const char *pw, const char *salt);
 char *crypt_blowfish(const char *pw, const char *salt);
+char *crypt_sha256 (const char *pw, const char *salt);
+char *crypt_sha512 (const char *pw, const char *salt);
 
 extern void _crypt_to64(char *s, u_long v, int n);
+extern void b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, int *buflen, char **cp);
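Review bot: `b64_from_24bit` is declared as a new extern symbol without the `_crypt_` prefix that the neighbouring `_crypt_to64` carries, so unless a symbol map outside this hunk hides it, it lands in the namespace of every program linking libcrypt. A prefixed name such as `_crypt_b64_from_24bit` would avoid clashes, with the definition and callers (not visible here) renamed to match. The prototype also uses uint8_t, so crypt.h now relies on a header that defines it being included first; that is worth confirming for stable/7. As a style point, the two new prototypes put a space before the parenthesis (`crypt_sha256 (`) unlike the three above; `char *crypt_sha256(const char *pw, const char *salt);` matches the file.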
Index: lib/libcrypt/crypt-sha256.c
===
--- lib/libcrypt/crypt-sha256.c	(working copy)
+++ lib/libcrypt/crypt-sha256.c	(working copy)
@@ -60,7 +60,7 @@
 #define ROUNDS_MAX 9
 
 static char *
-sha256_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
+crypt_sha256_r(const char *key, const char *salt, char *buffer, int buflen)
 {
 	u_long srounds;
 	int n;
@@ -210,7 +210,9 @@
 
 	/* Now we can construct the result string. It consists of three
 	 * parts. */
-	cp = stpncpy(buffer, sha256_salt_prefix, MAX(0, buflen));
+	cp = buffer;
+	strncpy(buffer, sha256_salt_prefix, MAX(0, buflen));
+	cp += sizeof(sha256_salt_prefix) - 1;
 	buflen -= sizeof(sha256_salt_prefix) - 1;
 
 	if (rounds_custom) {
@@ -221,7 +223,8 @@
 		buflen -= n;
 	}
 
-	cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
+	strncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
+	cp += MIN((size_t)MAX(0, buflen), salt_len);
 	buflen -= MIN((size_t)MAX(0, buflen), salt_len);
 
 	if (buflen  0) {
@@ -268,12 +271,12 @@
 
 /* This entry point is equivalent to crypt(3). */
 char *
-sha256_crypt(const char *key, const char *salt)
+crypt_sha256(const char *key, const char *salt)
 {
 	/* We don't want to have an arbitrary limit in the size of the
 	 * password. We can compute an 

Re: Default password hash

2012-06-12 Thread Dag-Erling Smørgrav
The attached patch backports support for sha256 and sha512 hashes to
stable/7.  It is not an exact MFH because the sha code in head uses
stpncpy(), which is not present in stable/7's libc.

DES
-- 
Dag-Erling Smørgrav - d...@des.no

Index: lib/libcrypt
===
--- lib/libcrypt	(revision 236892)
+++ lib/libcrypt	(working copy)

Property changes on: lib/libcrypt
___
Added: svn:mergeinfo
   Merged /head/gnu/libcrypt:r183242
   Merged /head/lib/libcrypt:r179308,183242,213738,213814,213903,216591,220497-220498,221142,221471,227006,234132
Index: lib/libcrypt/crypt.c
===
--- lib/libcrypt/crypt.c	(revision 236892)
+++ lib/libcrypt/crypt.c	(working copy)
@@ -63,6 +63,16 @@
 		$3$
 	},
 	{
+		sha256,
+		crypt_sha256,
+		$5$
+	},
+	{
+		sha512,
+		crypt_sha512,
+		$6$
+	},
+	{
 		NULL,
 		NULL,
 		NULL
Index: lib/libcrypt/crypt-sha512.c
===
--- lib/libcrypt/crypt-sha512.c	(working copy)
+++ lib/libcrypt/crypt-sha512.c	(working copy)
@@ -60,7 +60,7 @@
 #define ROUNDS_MAX 9
 
 static char *
-sha512_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
+crypt_sha512_r(const char *key, const char *salt, char *buffer, int buflen)
 {
 	u_long srounds;
 	int n;
@@ -210,7 +210,9 @@
 
 	/* Now we can construct the result string. It consists of three
 	 * parts. */
-	cp = stpncpy(buffer, sha512_salt_prefix, MAX(0, buflen));
+	cp = buffer;
+	strncpy(buffer, sha512_salt_prefix, MAX(0, buflen));
+	cp += sizeof(sha512_salt_prefix) - 1;
 	buflen -= sizeof(sha512_salt_prefix) - 1;
 
 	if (rounds_custom) {
@@ -221,7 +223,8 @@
 		buflen -= n;
 	}
 
-	cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
+	strncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
+	cp += MIN((size_t)MAX(0, buflen), salt_len);
 	buflen -= MIN((size_t)MAX(0, buflen), salt_len);
 
 	if (buflen  0) {
@@ -280,12 +283,12 @@
 
 /* This entry point is equivalent to crypt(3). */
 char *
-sha512_crypt(const char *key, const char *salt)
+crypt_sha512(const char *key, const char *salt)
 {
 	/* We don't want to have an arbitrary limit in the size of the
 	 * password. We can compute an upper bound for the size of the
 	 * result in advance and so we can prepare the buffer we pass to
-	 * `sha512_crypt_r'. */
+	 * `crypt_sha512_r'. */
 	static char *buffer;
 	static int buflen;
 	int needed;
@@ -305,7 +308,7 @@
 		buflen = needed;
 	}
 
-	return sha512_crypt_r(key, salt, buffer, buflen);
+	return crypt_sha512_r(key, salt, buffer, buflen);
 }
 
 #ifdef TEST
@@ -482,7 +485,7 @@
 	}
 
 	for (cnt = 0; cnt  ntests2; ++cnt) {
-		char *cp = sha512_crypt(tests2[cnt].input, tests2[cnt].salt);
+		char *cp = crypt_sha512(tests2[cnt].input, tests2[cnt].salt);
 
 		if (strcmp(cp, tests2[cnt].expected) != 0) {
 			printf(test %d: expected \%s\, got \%s\\n,
Index: lib/libcrypt/crypt.h
===
--- lib/libcrypt/crypt.h	(revision 236892)
+++ lib/libcrypt/crypt.h	(working copy)
@@ -36,5 +36,8 @@
 char *crypt_md5(const char *pw, const char *salt);
 char *crypt_nthash(const char *pw, const char *salt);
 char *crypt_blowfish(const char *pw, const char *salt);
+char *crypt_sha256 (const char *pw, const char *salt);
+char *crypt_sha512 (const char *pw, const char *salt);
 
 extern void _crypt_to64(char *s, u_long v, int n);
+extern void b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, int *buflen, char **cp);
Index: lib/libcrypt/crypt-sha256.c
===
--- lib/libcrypt/crypt-sha256.c	(working copy)
+++ lib/libcrypt/crypt-sha256.c	(working copy)
@@ -60,7 +60,7 @@
 #define ROUNDS_MAX 9
 
 static char *
-sha256_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
+crypt_sha256_r(const char *key, const char *salt, char *buffer, int buflen)
 {
 	u_long srounds;
 	int n;
@@ -210,7 +210,9 @@
 
 	/* Now we can construct the result string. It consists of three
 	 * parts. */
-	cp = stpncpy(buffer, sha256_salt_prefix, MAX(0, buflen));
+	cp = buffer;
+	strncpy(buffer, sha256_salt_prefix, MAX(0, buflen));
+	cp += sizeof(sha256_salt_prefix) - 1;
 	buflen -= sizeof(sha256_salt_prefix) - 1;
 
 	if (rounds_custom) {
@@ -221,7 +223,8 @@
 		buflen -= n;
 	}
 
-	cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
+	strncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
+	cp += MIN((size_t)MAX(0, buflen), salt_len);
 	buflen -= MIN((size_t)MAX(0, buflen), salt_len);
 
 	if (buflen  0) {
@@ -268,12 +271,12 @@
 
 /* This entry point is equivalent to crypt(3). */
 char *
-sha256_crypt(const char *key, const char *salt)
+crypt_sha256(const char *key, const char *salt)
 {
 	/* We don't want to have an arbitrary limit in the size of the
 	 * password. We can compute an 

FreeBSD Security Advisory FreeBSD-SA-12:03.bind

2012-06-12 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

=
FreeBSD-SA-12:03.bind   Security Advisory
  The FreeBSD Project

Topic:  Incorrect handling of zero-length RDATA fields in named(8)

Category:   contrib
Module: bind
Announced:  2012-06-12
Credits:Dan Luther, Jeffrey A. Spain
Affects:All supported versions of FreeBSD
Corrected:  2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)
2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)
2012-06-04 22:21:55 UTC (RELENG_8, 8.3-STABLE)
2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)
2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)
2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11)
2012-06-04 22:14:33 UTC (RELENG_9, 9.0-STABLE)
2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)
CVE Name:   CVE-2012-1667

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit URL:http://security.FreeBSD.org/.

I.   Background

BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server.

II.  Problem Description

The named(8) server does not properly handle DNS resource records where
the RDATA field is zero length, which may cause various issues for the
servers handling them.

III. Impact

Resolving servers may crash or disclose some portion of memory to the
client.  Authoritative servers may crash on restart after transferring a
zone containing records with zero-length RDATA fields.  These would
result in a denial of service, or leak of sensitive information.

IV.  Workaround

No workaround is available, but systems not running the BIND name
server are not affected.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4,
8.3, 8.2, 8.1 and 9.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, and 8.1-RELEASE]
# fetch http://security.FreeBSD.org/patches/SA-12:03/bind.patch
# fetch http://security.FreeBSD.org/patches/SA-12:03/bind.patch.asc

[FreeBSD 9.0-RELEASE]
# fetch http://security.FreeBSD.org/patches/SA-12:03/bind-90.patch
# fetch http://security.FreeBSD.org/patches/SA-12:03/bind-90.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/bind/
# make obj && make depend && make && make install
# cd /usr/src/usr.sbin/named
# make obj && make depend && make && make install

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

4) Install and run BIND from the Ports Collection after the correction
date.  The following versions and newer versions of BIND installed from
the Ports Collection are not affected by this vulnerability:

bind96-9.6.3.1.ESV.R7.1
bind97-9.7.6.1
bind98-9.8.3.1
bind99-9.9.1.1

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch   Revision
  Path
- -
RELENG_7
  src/contrib/bind9/lib/dns/rdata.c   1.1.1.5.2.4
  src/contrib/bind9/lib/dns/rdataslab.c   1.1.1.2.2.5
RELENG_7_4
  src/UPDATING 1.507.2.36.2.11
  src/sys/conf/newvers.sh  1.72.2.18.2.14
  src/contrib/bind9/lib/dns/rdata.c   1.1.1.5.2.1.2.1
  src/contrib/bind9/lib/dns/rdataslab.c   1.1.1.2.2.3.2.1
RELENG_8
  src/contrib/bind9/lib/dns/rdata.c   1.2.2.4
  src/contrib/bind9/lib/dns/rdataslab.c   1.2.2.5
RELENG_8_3
  src/UPDATING 1.632.2.26.2.5
  src/sys/conf/newvers.sh   1.83.2.15.2.7
  src/contrib/bind9/lib/dns/rdata.c   1.2.2.2.2.1
  src/contrib/bind9/lib/dns/rdataslab.c   1.2.2.3.2.1
RELENG_8_2
  src/UPDATING

FreeBSD Security Advisory FreeBSD-SA-12:04.sysret

2012-06-12 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

=
FreeBSD-SA-12:04.sysret Security Advisory
  The FreeBSD Project

Topic:  Privilege escalation when returning from kernel

Category:   core
Module: sys_amd64
Announced:  2012-06-12
Credits:Rafal Wojtczuk, John Baldwin
Affects:All supported versions of FreeBSD
Corrected:  2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)
2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)
2012-06-12 12:10:10 UTC (RELENG_8, 8.3-STABLE)
2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)
2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)
2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11)
2012-06-12 12:10:10 UTC (RELENG_9, 9.0-STABLE)
2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)
CVE Name:   CVE-2012-0217

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit URL:http://security.FreeBSD.org/.

I.   Background

The FreeBSD operating system implements a rings model of security, where
privileged operations are done in the kernel, and most applications
request access to these operations by making a system call, which puts
the CPU into the required privilege level and passes control to the
kernel.

II.  Problem Description

FreeBSD/amd64 runs on CPUs from different vendors.  Due to varying
behaviour of CPUs in 64 bit mode a sanity check of the kernel may be
insufficient when returning from a system call.

III. Impact

Successful exploitation of the problem can lead to local kernel privilege
escalation, kernel data corruption and/or crash.

To exploit this vulnerability, an attacker must be able to run code with user
privileges on the target system.

IV.  Workaround

No workaround is available.

However FreeBSD/amd64 running on AMD CPUs is not vulnerable to this
particular problem.

Systems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386
kernel are not vulnerable, nor are systems running on different
processor architectures.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4,
8.3, 8.2, 8.1 and 9.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
URL:http://www.FreeBSD.org/handbook/kernelconfig.html and reboot the
system.

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch   Revision
  Path
- -
RELENG_7
  src/sys/amd64/amd64/trap.c   1.319.2.14
RELENG_7_4
  src/UPDATING 1.507.2.36.2.11
  src/sys/conf/newvers.sh  1.72.2.18.2.14
  src/sys/amd64/amd64/trap.c   1.319.2.12.2.2
RELENG_8
  src/sys/amd64/amd64/trap.c   1.332.2.24
RELENG_8_3
  src/UPDATING 1.632.2.26.2.5
  src/sys/conf/newvers.sh   1.83.2.15.2.7
  src/sys/amd64/amd64/trap.c   1.332.2.21.2.2
RELENG_8_2
  src/UPDATING 1.632.2.19.2.11
  src/sys/conf/newvers.sh  1.83.2.12.2.14
  src/sys/amd64/amd64/trap.c   1.332.2.14.2.2
RELENG_8_1
  src/UPDATING 1.632.2.14.2.14
  src/sys/conf/newvers.sh  1.83.2.10.2.15
  src/sys/amd64/amd64/trap.c   1.332.2.10.2.2
RELENG_9
  src/sys/amd64/amd64/trap.c   1.357.2.9
RELENG_9_0
  src/UPDATING  1.702.2.4.2.5
  

ANNOUNCE: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-12:04.sysret

2012-06-12 Thread FreeBSD Security Advisories

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

=
FreeBSD-SA-12:04.sysret Security Advisory
  The FreeBSD Project

Topic:  Privilege escalation when returning from kernel

Category:   core
Module: sys_amd64
Announced:  2012-06-12
Credits:Rafal Wojtczuk, John Baldwin
Affects:All supported versions of FreeBSD
Corrected:  2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)
2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)
2012-06-12 12:10:10 UTC (RELENG_8, 8.3-STABLE)
2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)
2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)
2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11)
2012-06-12 12:10:10 UTC (RELENG_9, 9.0-STABLE)
2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)
CVE Name:   CVE-2012-0217

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit URL:http://security.FreeBSD.org/.

I.   Background

The FreeBSD operating system implements a rings model of security, where
privileged operations are done in the kernel, and most applications
request access to these operations by making a system call, which puts
the CPU into the required privilege level and passes control to the
kernel.

II.  Problem Description

FreeBSD/amd64 runs on CPUs from different vendors.  Due to varying
behaviour of CPUs in 64 bit mode a sanity check of the kernel may be
insufficient when returning from a system call.

III. Impact

Successful exploitation of the problem can lead to local kernel privilege
escalation, kernel data corruption and/or crash.

To exploit this vulnerability, an attacker must be able to run code with user
privileges on the target system.

IV.  Workaround

No workaround is available.

However FreeBSD/amd64 running on AMD CPUs is not vulnerable to this
particular problem.

Systems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386
kernel are not vulnerable, nor are systems running on different
processor architectures.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4,
8.3, 8.2, 8.1 and 9.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
URL:http://www.FreeBSD.org/handbook/kernelconfig.html and reboot the
system.

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch   Revision
  Path
- -
RELENG_7
  src/sys/amd64/amd64/trap.c   1.319.2.14
RELENG_7_4
  src/UPDATING 1.507.2.36.2.11
  src/sys/conf/newvers.sh  1.72.2.18.2.14
  src/sys/amd64/amd64/trap.c   1.319.2.12.2.2
RELENG_8
  src/sys/amd64/amd64/trap.c   1.332.2.24
RELENG_8_3
  src/UPDATING 1.632.2.26.2.5
  src/sys/conf/newvers.sh   1.83.2.15.2.7
  src/sys/amd64/amd64/trap.c   1.332.2.21.2.2
RELENG_8_2
  src/UPDATING 1.632.2.19.2.11
  src/sys/conf/newvers.sh  1.83.2.12.2.14
  src/sys/amd64/amd64/trap.c   1.332.2.14.2.2
RELENG_8_1
  src/UPDATING 1.632.2.14.2.14
  src/sys/conf/newvers.sh  1.83.2.10.2.15
  src/sys/amd64/amd64/trap.c   1.332.2.10.2.2
RELENG_9
  src/sys/amd64/amd64/trap.c   1.357.2.9
RELENG_9_0
  src/UPDATING  1.702.2.4.2.5