Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2013.0295 kqueue related kernel panic triggered from userland 28 February 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: NetBSD Operating System: NetBSD Impact/Access: Denial of Service -- Existing Account Resolution: Patch/Upgrade Original Bulletin: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2013-002.txt.asc - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NetBSD Security Advisory 2013-002 ================================= Topic: kqueue related kernel panic triggered from userland Version: NetBSD-current: affected prior to Nov 24th, 2012 NetBSD 6.0: affected NetBSD 6.0.1: not affected NetBSD 5.1.*: not affected NetBSD 5.0.*: not affected NetBSD 5.0: not affected Severity: Local system crash Fixed: NetBSD-current: Nov 24th, 2012 NetBSD-6-0 branch: Nov 24th, 2012 NetBSD-6 branch: Nov 24th, 2012 Please note that NetBSD releases prior to 5.0 are no longer supported. It is recommended that all users upgrade to a supported release. Abstract ======== A user can panic the machine by calling kevent(2) on an unsupported file descriptor. Technical Details ================= A file descriptor that does not support kqueue(2) uses fnullop_kqfilter(9) to indicate that this operation is not supported. Unfortunately fnullop_kqfilter(9) returned 0 instead of an error, so the kernel crashed in the next kevent(2) trying to call a null event handler. fnullop_kqfilter(9) has been changed to return EOPNOTSUPP when the file descriptor does not support kqueue. Solutions and Workarounds ========================= The following versions contain the fix: src/sys/kern/kern_event.c HEAD 1.78 netbsd-6 1.75.2.1 netbsd-6-0 1.75.6.1 src/sys/kern/kern_descrip.c HEAD 1.219 netbsd-6 1.218.2.1 netbsd-6-0 1.218.8.1 For all affected NetBSD versions, you need to obtain fixed kernel sources, rebuild and install the new kernel, and reboot the system. The fixed source may be obtained from the NetBSD CVS repository. The following instructions briefly summarize how to upgrade your kernel. In these instructions, replace: ARCH with your architecture (from uname -m), and KERNCONF with the name of your kernel configuration file. To update from CVS, re-build, and re-install the kernel: # cd src # cvs update -d -P src/sys/kern/kern_event.c # cvs update -d -P src/sys/kern/kern_descrip.c # ./build.sh kernel=KERNCONF # mv /netbsd /netbsd.old # cp sys/arch/ARCH/compile/obj/KERNCONF/netbsd /netbsd # shutdown -r now For more information on how to do this, see: http://www.NetBSD.org/guide/en/chap-kernel.html Thanks To ========= Thanks to Christos Zoulas for fixing this problem. Revision History ================ 2013-02-26 Initial release More Information ================ Advisories may be updated as new information becomes available. The most recent version of this advisory (PGP signed) can be found at http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-002.txt.asc Information about NetBSD and NetBSD security can be found at http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ . Copyright 2013, The NetBSD Foundation, Inc. All Rights Reserved. Redistribution permitted only in full, unmodified form. $NetBSD: NetBSD-SA2013-002.txt,v 1.1 2013/02/26 18:58:13 tonnerre Exp $ - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (NetBSD) iQIcBAEBAgAGBQJRLRHwAAoJEAZJc6xMSnBukmUQAJ/JxHKIy3Mc05korW03dKzo Zt/f3SaAHDXu00mEOjsbCbX92G0+eY9G5QetmpFPeu+GjdkKOoexD94Nck7JWVWU 0iIHlJnunnPcvXszqvQLUoOx4Iej0VvW6JynVhbHO9asCWyS6yqeuXka4IJoMrXb A1hySfXqmvvOyrRpp8+6mrmv2sl0Vzne8X7sJUwBt35Z6EB7uLd3Pw6+uyRpPWkN DPg7I/B1ey/MRof/CKfTlvnkSoiSzo/utrOiaqseBici6QxXxDOfmlo4Vd9GjCS4 GJ3C9ushHgW6+6VwrpkX/ku0WYRbpS9Sf/Uem0CMONZpwOxOQgpvviHaxobCTrCf GxyZahkuWM3HTcg3Ht+y65wROC7ruHbBrFxS6iAYnjMJA8/PtvNAP1+N08cDbdB+ qXdXrKxY1dnEVqDa6YRCVb2+FccpXp7etTRfxVv3yyiZu9Dr1IlywpqLhpzshs9c wFkgD3/sIy7WV05/DrWXi0GHXqkUkpWtRgzHH5zYFi3Buu4FuOYC/2U0YaoLM6KE ddUr5zawlTzOdrXB2ztYHra0y26M7ntiyNyDF5Laj5yUzlBBxXR1y2XMhHH7o/v4 vUrkavrmTXj0Y8bj+LiqRfcnBUR2hKXcRKqekM/RKNJuJ/kkKwPl25f4jGXeY/ng nDDi2DtzYyBucGqqSPwr =7s47 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUS7FI+4yVqjM2NGpAQJg5w//dfQYy+YP+WgJ/RWZ1QCaJtb0nx+ECvfi r6exT8q44tW52fyBUrymmah5yXpp1gRTnm0DFlQ0U6fR8Vu3oY/KyPKzHkuErXt5 prNaEU6dN0GxWLQzzu7j0wngteYqEdEL7wYFuIhuzL3g4ZnJoZWAfaLUN1tehSSn ld6f7odUsj58JLLo3oek9fjDuq69AkNH0ExbG8H1A1i00IJq2wOSOXSjzbigZyiZ vjuVsQqRupdvBETz9726lWPQUJnfumMg24MZ2v4VwZColxN+o+2oDxarPSFU3G7d 9plo0yPYamwce3QQmhtL4fgOq2oSC5g7Qfji/7dJ7L2uj5cj51ainUKNp64SoisA /s+48Zh1phutGFn5AX8gOp3M77NVTqlzTPA5GlQl+zmKXFlmk3CRaKkZJqTko5tE LGbTQjwjYPUIJWaoIocZYDkcqPR0QNcKWZhgKM/pR/5ndzGCQ3Fim3eDLmKECTAi LSi7HKEghLjdOlKTcSAnknF4BhdOB2X6gUQcGWt4urgSI86ho/YxNf8C9kDItaKz yyMZGI0mfL76XdWGbuCtZPN6AzLG2RF8j6uOWbR43Hl4ig0H1J1pi5BVK4jLc87S FPyjdpfIOtQMgZOQevBwYyEV+tCwVPt68+gzjv6LWrPedTUj2K9jBt68sPlWQsiI zlLWId8VX2U= =EgRA -----END PGP SIGNATURE-----