diff options
author | simon <simon@FreeBSD.org> | 2005-06-30 07:00:52 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2005-06-30 07:00:52 +0800 |
commit | c3dd5936f23b0101bd87dde47c6ec5afc6fa026b (patch) | |
tree | 22941db68270f386bc753258e9670f91ea09b6b7 /security/vuxml | |
parent | 825639286d6ec6c7972027bd94e88b10f851b56a (diff) | |
download | freebsd-ports-gnome-c3dd5936f23b0101bd87dde47c6ec5afc6fa026b.tar.gz freebsd-ports-gnome-c3dd5936f23b0101bd87dde47c6ec5afc6fa026b.tar.zst freebsd-ports-gnome-c3dd5936f23b0101bd87dde47c6ec5afc6fa026b.zip |
Add FreeBSD-SA-05:13.ipfw, FreeBSD-SA-05:14.bzip2, and
FreeBSD-SA-05:15.tcp.
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c9064ac73e1d..aeed9b7248b4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,148 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f70f8860-e8ee-11d9-b875-0001020eed82"> + <topic>kernel -- ipfw packet matching errors with address tables</topic> + <affects> + <system> + <name>FreeBSD</name> + <range><ge>5.4</ge><le>5.4_3</le></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description</h1> + <p>The ipfw tables lookup code caches the result of the last + query. The kernel may process multiple packets + concurrently, performing several concurrent table lookups. + Due to an insufficient locking, a cached result can become + corrupted that could cause some addresses to be incorrectly + matched against a lookup table.</p> + <h1>Impact</h1> + <p>When lookup tables are used with ipfw, packets may on very + rare occasions incorrectly match a lookup table. This could + result in a packet being treated contrary to the defined + packet filtering ruleset. For example, a packet may be + allowed to pass through when it should have been + discarded.</p> + <p>The problem can only occur on Symmetric Multi-Processor + (SMP) systems, or on Uni Processor (UP) systems with the + PREEMPTION kernel option enabled (not the default).</p> + <h1>Workaround</h1> + <p>a) Do not use lookup tables.</p> + <p>OR</p> + <p>b) Disable concurrent processing of packets in the network + stack by setting the "debug.mpsafenet=0" tunable:</p> + <p># echo "debug.mpsafenet=0" << /boot/loader.conf</p> + </body> + </description> + <references> + <cvename>CAN-2005-2019</cvename> + <freebsdsa>SA-05:13.ipfw</freebsdsa> + </references> + <dates> + <discovery>2005-06-29</discovery> + <entry>2005-06-29</entry> + </dates> + </vuln> + + <vuln vid="197f444f-e8ef-11d9-b875-0001020eed82"> + <topic>bzip2 -- denial of service and permission race vulnerabilities</topic> + <affects> + <system> + <name>FreeBSD</name> + <range><ge>5.4</ge><le>5.4_3</le></range> + <range><ge>5.*</ge><le>5.3_17</le></range> + <range><ge>4.11</ge><le>4.11_11</le></range> + <range><le>4.10_16</le></range> + </system> + <package> + <name>bzip2</name> + <range><lt>1.0.3_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description</h1> + <p>Two problems have been discovered relating to the + extraction of bzip2-compressed files. First, a carefully + constructed invalid bzip2 archive can cause bzip2 to enter + an infinite loop. Second, when creating a new file, bzip2 + closes the file before setting its permissions.</p> + <h1>Impact</h1> + <p>The first problem can cause bzip2 to extract a bzip2 + archive to an infinitely large file. If bzip2 is used in + automated processing of untrusted files this could be + exploited by an attacker to create an denial-of-service + situation by exhausting disk space or by consuming all + available cpu time.</p> + <p>The second problem can allow a local attacker to change the + permissions of local files owned by the user executing bzip2 + providing that they have write access to the directory in + which the file is being extracted.</p> + <h1>Workaround</h1> + <p>Do not uncompress bzip2 archives from untrusted sources and + do not uncompress files in directories where untrusted users + have write access.</p> + </body> + </description> + <references> + <cvename>CAN-2005-0953</cvename> + <cvename>CAN-2005-1260</cvename> + <freebsdsa>SA-05:14.bzip2</freebsdsa> + </references> + <dates> + <discovery>2005-03-30</discovery> + <entry>2005-06-29</entry> + </dates> + </vuln> + + <vuln vid="3ec8f43b-e8ef-11d9-b875-0001020eed82"> + <topic>kernel -- TCP connection stall denial of service</topic> + <affects> + <system> + <name>FreeBSD</name> + <range><ge>5.4</ge><le>5.4_3</le></range> + <range><ge>5.*</ge><le>5.3_17</le></range> + <range><ge>4.11</ge><le>4.11_11</le></range> + <range><le>4.10_16</le></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description</h1> + <p>Two problems have been discovered in the FreeBSD TCP stack.</p> + <p>First, when a TCP packets containing a timestamp is + received, inadequate checking of sequence numbers is + performed, allowing an attacker to artificially increase the + internal "recent" timestamp for a connection.</p> + <p>Second, a TCP packet with the SYN flag set is accepted for + established connections, allowing an attacker to overwrite + certain TCP options.</p> + <h1>Impact</h1> + <p>Using either of the two problems an attacker with knowledge + of the local and remote IP and port numbers associated with + a connection can cause a denial of service situation by + stalling the TCP connection. The stalled TCP connection my + be closed after some time by the other host.</p> + <h1>Workaround</h1> + <p>In some cases it may be possible to defend against these + attacks by blocking the attack packets using a firewall. + Packets used to effect either of these attacks would have + spoofed source IP addresses.</p> + </body> + </description> + <references> + <cvename>CAN-2005-0356</cvename> + <cvename>CAN-2005-2068</cvename> + <freebsdsa>SA-05:15.tcp</freebsdsa> + </references> + <dates> + <discovery>2005-06-29</discovery> + <entry>2005-06-29</entry> + </dates> + </vuln> + <vuln vid="76adaab0-e4e3-11d9-b875-0001020eed82"> <topic>ethereal -- multiple protocol dissectors vulnerabilities</topic> <affects> |