-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.1110
            Linux compatibility layer input validation error
                              23 November 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux
Publisher:         FreeBSD
Operating System:  FreeBSD
Impact/Access:     Root Compromise   -- Existing Account
                   Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-4576

Original Bulletin:
   ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-12:08.linux.asc

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-12:08.linux                                      Security Advisory
                                                          The FreeBSD Project

Topic:          Linux compatibility layer input validation error

Category:       core
Module:         kernel
Announced:      2012-11-22
Credits:        Mateusz Guzik
Affects:        All supported versions of FreeBSD.
Corrected:      2012-11-22 23:15:38 UTC (RELENG_7, 7.4-STABLE)
                2012-11-22 22:52:15 UTC (RELENG_7_4, 7.4-RELEASE-p11)
                2012-11-22 22:52:15 UTC (RELENG_8, 8.3-STABLE)
                2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5)
                2012-11-22 22:52:15 UTC (RELENG_9, 9.1-PRERELEASE)
                2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5)
                2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1)
                2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1)
                2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1)
CVE Name:       CVE-2012-4576

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

FreeBSD is binary-compatible with the Linux operating system through a
loadable kernel module/optional kernel component.

II.  Problem Description

A programming error in the handling of some Linux system calls may
result in memory locations being accessed without proper validation.

III. Impact

It is possible for a local attacker to overwrite portions of kernel
memory, which may result in a privilege escalation or cause a system
panic.

IV.  Workaround

No workaround is available, but systems not using the Linux binary
compatibility layer are not vulnerable.

The following command can be used to test if the Linux binary
compatibility layer is loaded:

# kldstat -m linuxelf

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_9_0, or RELENG_9_1 security
branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4, 8.3,
9.0, and 9.1 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch
# fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 9.0-RELEASE, 9.1-RC1, 9.1-RC2,
or 9.1-RC3 on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Subversion:

Branch/path                                                      Revision
- - -------------------------------------------------------------------------
stable/7/                                                         r243418
releng/7.4/                                                       r243417
stable/8/                                                         r243417
releng/8.3/                                                       r243417
stable/9/                                                         r243417
releng/9.0/                                                       r243417
releng/9.1/                                                       r243417
- - -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4576

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-12:08.linux.asc
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9

iEYEARECAAYFAlCutVoACgkQFdaIBMps37JA4QCfZ/wp/ysDIJd1VwF525PzimTt
BUwAoJdU6pddJeJCsHfZ8812cAsrsLqP
=KVp4
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUK7PBe4yVqjM2NGpAQL1VQ/9G4JsToOestkbp+WfNMU9buDsK5NSel+T
j5Uqoy4oTcfwFmjdg/fKaxj1mKjfj0qGrvgZIgXDN35DPws4SOszilDqVx8VIVV6
8QWC/+Ei90GSgtd7s4gZuaDb8ofBbns69oK47ytozdWf5Jd02j3VyRDJeTyZ0CGA
UOcHkxKLNgALdhpWpI0rRycXt7Pl89SJnfZTyMgM1P+XXXozCAkooZb23/ewZV8V
O1zgjnvly8mRFoptGnuJzoOBijEfqYucqsi4x8w9UOP4CojiJS2dNGfwN3I511+N
I+uiDOa93aE0Gmp11os7qC3Zq7yjOEYkK+lCCRSH3BBRixTwrPj2sL7m8Hzt2/Wq
O2J8VYaKCeqZI7oNiUa4quj44gSzEeLp/nbnvJgEuK1MOOWGsnEK/6jUWCmRYb4y
R2DtsGDQOFwKPLSKsE3C7905E6e5d/Ux9o5l0UzHPguNgl3J51DlXEzhahscSpTk
eg2wkuSmaYG67EvNx9mDaWgBnuCdrZjPSOz5bTurQ6as+5GXz9BxMkDPaanvaZ1v
oPl5CP4AZkXljYfHi3ckIt24KkaMax1Hq1ouz775JCt0irpv/abAISLxuI8CoSkm
ahS2mleaLpR47HB54Vt/9iZj30OFOWEMQlkZ9EzND/Z1kcl0qsdkWpIoT/firOF+
tNYAZ4BEg2I=
=oK4F
-----END PGP SIGNATURE-----
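Editor's added example (not part of the FreeBSD advisory or the AusCERT bulletin, and placed outside the signed text on purpose): the exposure test from section IV and the corrected patch levels from the advisory header combined into a single triage script, plus the source-patch route from section V.2 with the signature check made a hard gate. The kldstat samples are constructed, not captured from a real host; the patch function assumes gpg(1) is the PGP utility and that the FreeBSD Security Officer key is already in the keyring, and it is defined but not run here.

```shell
#!/bin/sh
# Triage helper for FreeBSD-SA-12:08.linux (added example, not the advisory's code).
# `uname -r` and `kldstat -m linuxelf` output are passed in as strings so the
# logic can be exercised on constructed samples away from the host.

# Minimum patch level per release, taken from the advisory's "Corrected:" list.
# STABLE/PRERELEASE branches carry no -pN suffix, so they yield "" (unknown).
sa1208_min_patch() {
    case "$1" in
        7.4-RELEASE)              echo 11 ;;
        8.3-RELEASE)              echo 5 ;;
        9.0-RELEASE)              echo 5 ;;
        9.1-RC1|9.1-RC2|9.1-RC3)  echo 1 ;;
        *)                        echo "" ;;
    esac
}

# Classify a `uname -r` string as patched | vulnerable | unknown.
sa1208_release_status() {
    rel="$1"
    case "$rel" in
        *-p[0-9]*) base="${rel%-p*}"; level="${rel##*-p}" ;;
        *)         base="$rel";       level=0 ;;
    esac
    need=$(sa1208_min_patch "$base")
    if [ -z "$need" ]; then
        echo unknown        # e.g. 8.3-STABLE: compare the build date with the correction date instead
    elif [ "$level" -ge "$need" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# True if the `kldstat -m linuxelf` output names the module. -m looks the module
# up by name, so it reports COMPAT_LINUX built into the kernel as well as a loaded
# linux.ko. When the module is absent kldstat exits non-zero with an empty table,
# which we treat as "not loaded".
linux_compat_loaded() {
    printf '%s\n' "$1" | awk '$NF == "linuxelf" { found = 1 } END { exit found ? 0 : 1 }'
}

# Verdict for one host: not-affected | patched | vulnerable | unknown.
sa1208_assess() {
    if linux_compat_loaded "$2"; then
        sa1208_release_status "$1"
    else
        echo not-affected
    fi
}

# Section V.2 as a function: nothing touches /usr/src unless the detached
# signature verifies. Assumes gpg(1) and an imported Security Officer key.
sa1208_apply_source_patch() {
    cd /tmp || return 1
    fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch || return 1
    fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch.asc || return 1
    gpg --verify linux.patch.asc linux.patch || {
        echo "linux.patch: signature check failed, not applying" >&2
        return 1
    }
    (cd /usr/src && patch < /tmp/linux.patch)
}

# Constructed samples (not captured from a real system). KLD_LOADED mirrors the
# "Id Refs Name" table kldstat prints; KLD_ABSENT is the empty stdout you get
# when the module is missing.
KLD_LOADED='Id  Refs Name
  2    1 linuxelf'
KLD_ABSENT=''

for rel in 9.0-RELEASE-p4 9.0-RELEASE-p5 9.1-RC3 9.1-RC3-p1 8.3-STABLE; do
    printf '%-16s linux loaded: %-12s not loaded: %s\n' "$rel" \
        "$(sa1208_assess "$rel" "$KLD_LOADED")" \
        "$(sa1208_assess "$rel" "$KLD_ABSENT")"
done
# On a live host: sa1208_assess "$(uname -r)" "$(kldstat -m linuxelf 2>/dev/null)"
```

Two caveats when running this for real. The fix is kernel-only, so `uname -r` of the running kernel is the right thing to compare, but it only reports the new -pN after the updated kernel has been booted: a host that has run `freebsd-update install` and not yet rebooted still shows the old level and is still exploitable. For the STABLE and PRERELEASE branches the -pN scheme does not apply; the advisory's own criterion there is a build dated after the correction timestamp, which is why the script reports them as unknown rather than guessing.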