FreeBSD Security Advisory FreeBSD-SA-12:08.linux
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-12:08.linux Security Advisory The FreeBSD Project Topic: Linux compatibility layer input validation error Category: core Module: kernel Announced: 2012-11-22 Credits:Mateusz Guzik Affects:All supported versions of FreeBSD. Corrected: 2012-11-22 23:15:38 UTC (RELENG_7, 7.4-STABLE) 2012-11-22 22:52:15 UTC (RELENG_7_4, 7.4-RELEASE-p11) 2012-11-22 22:52:15 UTC (RELENG_8, 8.3-STABLE) 2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5) 2012-11-22 22:52:15 UTC (RELENG_9, 9.1-PRERELEASE) 2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1) CVE Name: CVE-2012-4576 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit URL:http://security.FreeBSD.org/. I. Background FreeBSD is binary-compatible with the Linux operating system through a loadable kernel module/optional kernel component. II. Problem Description A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation. III. Impact It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privilege escalation or cause a system panic. IV. Workaround No workaround is available, but systems not using the Linux binary compatibility layer are not vulnerable. The following command can be used to test if the Linux binary compatibility layer is loaded: # kldstat -m linuxelf V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, RELENG_9_0, or RELENG_9_1 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 7.4, 8.3, 9.0, and 9.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch # fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch.asc b) Apply the patch. # cd /usr/src # patch /path/to/patch c) Recompile your kernel as described in URL:http://www.FreeBSD.org/handbook/kernelconfig.html and reboot the system. 3) To update your vulnerable system via a binary patch: Systems running 7.4-RELEASE, 8.3-RELEASE, 9.0-RELEASE, 9.1-RC1, 9.1-RC2, or 9.1-RC3 on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Subversion: Branch/path Revision - - stable/7/ r243418 releng/7.4/ r243417 stable/8/ r243417 releng/8.3/ r243417 stable/9/ r243417 releng/9.0/ r243417 releng/9.1/ r243417 - - VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4576 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-12:08.linux.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 iEYEARECAAYFAlCutVoACgkQFdaIBMps37JA4QCfZ/wp/ysDIJd1VwF525PzimTt BUwAoJdU6pddJeJCsHfZ8812cAsrsLqP =KVp4 -END PGP SIGNATURE- ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to freebsd-security-unsubscr...@freebsd.org
Re: FreeBSD Security Advisory FreeBSD-SA-12:08.linux
On 11/22/2012 6:02 PM, FreeBSD Security Advisories wrote: IV. Workaround No workaround is available, but systems not using the Linux binary compatibility layer are not vulnerable. The following command can be used to test if the Linux binary compatibility layer is loaded: # kldstat -m linuxelf Is it sufficient to kldunload linux? Bryan ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to freebsd-security-unsubscr...@freebsd.org
Re: FreeBSD Security Advisory FreeBSD-SA-12:08.linux
On 11/22/2012 6:30 PM, Bryan Drewery wrote: On 11/22/2012 6:02 PM, FreeBSD Security Advisories wrote: IV. Workaround No workaround is available, but systems not using the Linux binary compatibility layer are not vulnerable. The following command can be used to test if the Linux binary compatibility layer is loaded: # kldstat -m linuxelf Is it sufficient to kldunload linux? Bryan Assuming it is enough to unload[/recompile/reload], here's a tip if it refuses to unload (in use), assuming no securelevel: # kldunload linux kldunload: can't unload file: Device busy # procstat -ka|grep linux 40338 100221 bot -mi_switch sleepq_switch sleepq_catch_signals sleepq_timedwait_sig _cv_timedwait_sig kern_select linux_select syscall Xint0x80_syscall # kill 40338 # kldunload linux # kldstat -m linuxelf kldstat: can't find module linuxelf: No such file or directory -- Regards, Bryan Drewery bdrewery@freenode/EFNet ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to freebsd-security-unsubscr...@freebsd.org
ANNOUNCE: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-12:08.linux
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-12:08.linux Security Advisory The FreeBSD Project Topic: Linux compatibility layer input validation error Category: core Module: kernel Announced: 2012-11-22 Credits:Mateusz Guzik Affects:All supported versions of FreeBSD. Corrected: 2012-11-22 23:15:38 UTC (RELENG_7, 7.4-STABLE) 2012-11-22 22:52:15 UTC (RELENG_7_4, 7.4-RELEASE-p11) 2012-11-22 22:52:15 UTC (RELENG_8, 8.3-STABLE) 2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5) 2012-11-22 22:52:15 UTC (RELENG_9, 9.1-PRERELEASE) 2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1) CVE Name: CVE-2012-4576 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit URL:http://security.FreeBSD.org/. I. Background FreeBSD is binary-compatible with the Linux operating system through a loadable kernel module/optional kernel component. II. Problem Description A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation. III. Impact It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privilege escalation or cause a system panic. IV. Workaround No workaround is available, but systems not using the Linux binary compatibility layer are not vulnerable. The following command can be used to test if the Linux binary compatibility layer is loaded: # kldstat -m linuxelf V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, RELENG_9_0, or RELENG_9_1 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 7.4, 8.3, 9.0, and 9.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch # fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch.asc b) Apply the patch. # cd /usr/src # patch /path/to/patch c) Recompile your kernel as described in URL:http://www.FreeBSD.org/handbook/kernelconfig.html and reboot the system. 3) To update your vulnerable system via a binary patch: Systems running 7.4-RELEASE, 8.3-RELEASE, 9.0-RELEASE, 9.1-RC1, 9.1-RC2, or 9.1-RC3 on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Subversion: Branch/path Revision - - stable/7/ r243418 releng/7.4/ r243417 stable/8/ r243417 releng/8.3/ r243417 stable/9/ r243417 releng/9.0/ r243417 releng/9.1/ r243417 - - VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4576 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-12:08.linux.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 iEYEARECAAYFAlCutVoACgkQFdaIBMps37JA4QCfZ/wp/ysDIJd1VwF525PzimTt BUwAoJdU6pddJeJCsHfZ8812cAsrsLqP =KVp4 -END PGP SIGNATURE-
