-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.1110
             Linux compatibility layer input validation error
                             23 November 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux
Publisher:         FreeBSD
Operating System:  FreeBSD
Impact/Access:     Root Compromise   -- Existing Account
                   Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-4576  

Original Bulletin: 
   ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-12:08.linux.asc

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-12:08.linux                                      Security Advisory
                                                          The FreeBSD Project

Topic:          Linux compatibility layer input validation error

Category:       core
Module:         kernel
Announced:      2012-11-22
Credits:        Mateusz Guzik
Affects:        All supported versions of FreeBSD.
Corrected:      2012-11-22 23:15:38 UTC (RELENG_7, 7.4-STABLE)
                2012-11-22 22:52:15 UTC (RELENG_7_4, 7.4-RELEASE-p11)
                2012-11-22 22:52:15 UTC (RELENG_8, 8.3-STABLE)
                2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5)
                2012-11-22 22:52:15 UTC (RELENG_9, 9.1-PRERELEASE)
                2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5)
                2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1)
                2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1)
                2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1)
CVE Name:       CVE-2012-4576

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

FreeBSD is binary-compatible with the Linux operating system through a
loadable kernel module/optional kernel component.

II.  Problem Description

A programming error in the handling of some Linux system calls may
result in memory locations being accessed without proper validation.

III. Impact

It is possible for a local attacker to overwrite portions of kernel
memory, which may result in a privilege escalation or cause a system
panic.

IV.  Workaround

No workaround is available, but systems not using the Linux binary
compatibility layer are not vulnerable.

The following command can be used to test if the Linux binary
compatibility layer is loaded:

	# kldstat -m linuxelf

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_9_0, or RELENG_9_1 security
branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4,
8.3, 9.0, and 9.1 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch
# fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 9.0-RELEASE, 9.1-RC1,
9.1-RC2, or 9.1-RC3 on the i386 or amd64 platforms can be updated via
the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Subversion:

Branch/path                                                      Revision
- - -------------------------------------------------------------------------
stable/7/                                                         r243418
releng/7.4/                                                       r243417
stable/8/                                                         r243417
releng/8.3/                                                       r243417
stable/9/                                                         r243417
releng/9.0/                                                       r243417
releng/9.1/                                                       r243417
- - -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4576

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-12:08.linux.asc
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9

iEYEARECAAYFAlCutVoACgkQFdaIBMps37JA4QCfZ/wp/ysDIJd1VwF525PzimTt
BUwAoJdU6pddJeJCsHfZ8812cAsrsLqP
=KVp4
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUK7PBe4yVqjM2NGpAQL1VQ/9G4JsToOestkbp+WfNMU9buDsK5NSel+T
j5Uqoy4oTcfwFmjdg/fKaxj1mKjfj0qGrvgZIgXDN35DPws4SOszilDqVx8VIVV6
8QWC/+Ei90GSgtd7s4gZuaDb8ofBbns69oK47ytozdWf5Jd02j3VyRDJeTyZ0CGA
UOcHkxKLNgALdhpWpI0rRycXt7Pl89SJnfZTyMgM1P+XXXozCAkooZb23/ewZV8V
O1zgjnvly8mRFoptGnuJzoOBijEfqYucqsi4x8w9UOP4CojiJS2dNGfwN3I511+N
I+uiDOa93aE0Gmp11os7qC3Zq7yjOEYkK+lCCRSH3BBRixTwrPj2sL7m8Hzt2/Wq
O2J8VYaKCeqZI7oNiUa4quj44gSzEeLp/nbnvJgEuK1MOOWGsnEK/6jUWCmRYb4y
R2DtsGDQOFwKPLSKsE3C7905E6e5d/Ux9o5l0UzHPguNgl3J51DlXEzhahscSpTk
eg2wkuSmaYG67EvNx9mDaWgBnuCdrZjPSOz5bTurQ6as+5GXz9BxMkDPaanvaZ1v
oPl5CP4AZkXljYfHi3ckIt24KkaMax1Hq1ouz775JCt0irpv/abAISLxuI8CoSkm
ahS2mleaLpR47HB54Vt/9iZj30OFOWEMQlkZ9EzND/Z1kcl0qsdkWpIoT/firOF+
tNYAZ4BEg2I=
=oK4F
-----END PGP SIGNATURE-----