On 3/1/06, Rodrigo Graeff <[EMAIL PROTECTED]> wrote:
> I'm trying to get better informed about the advisories involving nfs and
> openssh, but they don't exist on the general freebsd ftp; is anyone
> better informed than me and with the time / patience to comment on them?

Hey delphus,

So, the openssh one only affects 5.3 and 5.4; if you no longer have any 5.x around, you don't need to worry.

II. Problem Description

Because OpenSSH and OpenPAM have conflicting designs (one is event-driven while the other is callback-driven), it is necessary for OpenSSH to fork a child process to handle calls to the PAM framework. However, if the unprivileged child terminates while PAM authentication is under way, the parent process incorrectly believes that the PAM child also terminated. The parent process then terminates, and the PAM child is left behind.

Due to the way OpenSSH performs internal accounting, these orphaned PAM children are counted as pending connections by the master OpenSSH server process. Once a certain number of orphans has accumulated, the master decides that it is overloaded and stops accepting client connections.

III. Impact

By repeatedly connecting to a vulnerable server, waiting for a password prompt, and closing the connection, an attacker can cause OpenSSH to stop accepting client connections until the system restarts or an administrator manually kills the orphaned PAM processes.

IV. Workaround

The following command will show a list of orphaned PAM processes:

    # pgrep -lf 'sshd.*\[pam\]'

The following command will kill orphaned PAM processes:

    # pkill -f 'sshd.*\[pam\]'

To prevent OpenSSH from leaving orphaned PAM processes behind, perform one of the following:

1) Disable PAM authentication in OpenSSH. Users will still be able to log in using their Unix password, OPIE or SSH keys.

   To do this, execute the following commands as root:

    # echo 'UsePAM no' >>/etc/ssh/sshd_config
    # /etc/rc.d/sshd restart

2) If disabling PAM is not an option - if, for instance, you use RADIUS authentication, or store user passwords in an SQL database - you may instead disable privilege separation. However, this may leave OpenSSH vulnerable to hitherto unknown bugs, and should be considered a last resort.

   To do this, execute the following commands as root:

    # echo 'UsePrivilegeSeparation no' >>/etc/ssh/sshd_config
    # /etc/rc.d/sshd restart

As for the NFS one, it affects 4.x, 5.x and 6.x:

II. Problem Description

A part of the NFS server code charged with handling incoming RPC messages via TCP had an error which, when the server received a message with a zero-length payload, would cause a NULL pointer dereference which results in a kernel panic. The kernel will only process the RPC messages if a userland nfsd daemon is running.

III. Impact

The NULL pointer dereference allows a remote attacker capable of sending RPC messages to an affected FreeBSD system to crash the FreeBSD system.

IV. Workaround

1) Disable the NFS server: set the nfs_server_enable variable to "NO" in /etc/rc.conf, and reboot.

   Alternatively, if there are no active NFS clients (as listed by the showmount(8) utility), simply killing the mountd and nfsd processes should suffice.

2) Add firewall rules to block RPC traffic to the NFS server from untrusted hosts.

Regards,
--
Renato Botelho
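
An added example, not part of the original message or of the advisory: the pgrep pattern quoted above matches every sshd PAM helper, including one serving a login still in progress, so this script keeps only the helpers whose parent is gone and compares their count with an alert threshold. It assumes an orphaned helper has been reparented to init (PPID 1); the function names, the threshold and the sample ps lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the advisory). Assumption: an orphaned PAM helper
# has been reparented to init, so its PPID is 1.

# Read "PID PPID COMMAND..." lines on stdin; print the PID of every sshd
# "[pam]" helper whose parent is init.
orphaned_pam_pids() {
    awk '$2 == 1 && /sshd.*\[pam\]/ { print $1 }'
}

# Read the same input; print the orphan count and succeed only while it is
# below the alert threshold given as $1 (hypothetical tuning value).
check_orphans() {
    pids=$(orphaned_pam_pids)
    count=$(printf '%s\n' "$pids" | awk 'NF { n++ } END { print n + 0 }')
    echo "$count"
    [ "$count" -lt "$1" ]
}

# Constructed sample in the layout of `ps -axo pid,ppid,command`.
sample_ps() {
    cat <<'EOF'
  PID  PPID COMMAND
  412     1 /usr/sbin/sshd
 9101  9100 sshd: alice [pam] (sshd)
 9250     1 sshd: unknown [pam] (sshd)
 9313     1 sshd: unknown [pam] (sshd)
 9400   412 sshd: bob [priv] (sshd)
EOF
}

# Demo on the sample; on a live host feed it: ps -axo pid,ppid,command
sample_ps | orphaned_pam_pids
sample_ps | check_orphans 5 >/dev/null || echo "orphan count at or above threshold"
```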