Revised advisory.
This commit is contained in:
parent
c73cbed9bc
commit
4ebf8b68aa
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=41521
1 changed files with 40 additions and 16 deletions
|
@ -10,20 +10,27 @@ Topic: Insufficient input validation in the NFS server
|
|||
Category: core
|
||||
Module: nfsserver
|
||||
Announced: 2013-04-29
|
||||
Revised: 2013-04-29
|
||||
Credits: Adam Nowacki
|
||||
Affects: All supported versions of FreeBSD.
|
||||
Corrected: 2013-04-29 20:15:43 UTC (stable/8, 8.4-PRERELEASE)
|
||||
2013-04-29 20:15:47 UTC (releng/8.3, 8.3-RELEASE-p8)
|
||||
2013-04-29 20:16:25 UTC (releng/8.4, 8.4-RC1-p1)
|
||||
2013-04-29 20:16:25 UTC (releng/8.4, 8.4-RC2-p1)
|
||||
2013-04-29 20:15:55 UTC (stable/9, 9.1-STABLE)
|
||||
2013-04-29 20:16:00 UTC (releng/9.1, 9.1-RELEASE-p3)
|
||||
Corrected: 2013-04-29 21:10:49 UTC (stable/8, 8.4-PRERELEASE)
|
||||
2013-04-29 21:10:53 UTC (releng/8.3, 8.3-RELEASE-p8)
|
||||
2013-04-29 21:11:31 UTC (releng/8.4, 8.4-RC1-p1)
|
||||
2013-04-29 21:11:31 UTC (releng/8.4, 8.4-RC2-p1)
|
||||
2013-04-29 21:11:01 UTC (stable/9, 9.1-STABLE)
|
||||
2013-04-29 21:11:05 UTC (releng/9.1, 9.1-RELEASE-p3)
|
||||
CVE Name: CVE-2013-3266
|
||||
|
||||
For general information regarding FreeBSD Security Advisories,
|
||||
including descriptions of the fields above, security branches, and the
|
||||
following sections, please visit <URL:http://security.FreeBSD.org/>.
|
||||
|
||||
0. Revision History
|
||||
|
||||
v1.0 2013-04-29 Initial release.
|
||||
v1.1 2013-04-29 Corrected patch URL.
|
||||
Additional workaround information.
|
||||
|
||||
I. Background
|
||||
|
||||
The Network File System (NFS) allows a host to export some or all of its
|
||||
|
@ -75,6 +82,23 @@ following command:
|
|||
This will print 1 if the system is running the new NFS implementation,
|
||||
and 0 otherwise.
|
||||
|
||||
To switch to the old NFS implementation:
|
||||
|
||||
1) Append the following lines to /etc/rc.conf:
|
||||
|
||||
nfsv4_server_enable="no"
|
||||
oldnfs_server_enable="yes"
|
||||
|
||||
2) If the NFS server is compiled into the kernel (which is the case
|
||||
for the stock GENERIC kernel), replace the NFSD option with the
|
||||
NFSSERVER option, then recompile your kernel as described in
|
||||
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html>.
|
||||
|
||||
If the NFS server is not compiled into the kernel, the correct
|
||||
module will be loaded at boot time.
|
||||
|
||||
3) Finally, reboot the system.
|
||||
|
||||
V. Solution
|
||||
|
||||
Perform one of the following:
|
||||
|
@ -90,8 +114,8 @@ FreeBSD release branches.
|
|||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch
|
||||
# fetch http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch.asc
|
||||
# fetch http://security.FreeBSD.org/patches/SA-13:05/nfsserver.patch
|
||||
# fetch http://security.FreeBSD.org/patches/SA-13:05/nfsserver.patch.asc
|
||||
# gpg --verify nfsserver.patch.asc
|
||||
|
||||
b) Apply the patch.
|
||||
|
@ -118,11 +142,11 @@ corrected in FreeBSD.
|
|||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/8/ r250058
|
||||
releng/8.3/ r250059
|
||||
releng/8.4/ r250062
|
||||
stable/9/ r250060
|
||||
releng/9.1/ r250061
|
||||
stable/8/ r250068
|
||||
releng/8.3/ r250069
|
||||
releng/8.4/ r250073
|
||||
stable/9/ r250070
|
||||
releng/9.1/ r250071
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
VII. References
|
||||
|
@ -133,7 +157,7 @@ The latest revision of this advisory is available at
|
|||
http://security.FreeBSD.org/advisories/FreeBSD-SA-13:05.nfsserver.asc
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iEYEARECAAYFAlF+18oACgkQFdaIBMps37J1PACgm+zcbGd6xF1hkpvFVJbbwR0Q
|
||||
9PoAnivbP1R0qXFyTlF/t3+sUYcxBtfQ
|
||||
=polM
|
||||
iEYEARECAAYFAlF+7BUACgkQFdaIBMps37I3LACeIFS/wiaA6eDn9F8ByZ6V8CH4
|
||||
GT4AoIrhX24l+LHxpvtHoaDmKOoBpva5
|
||||
=bbRm
|
||||
-----END PGP SIGNATURE-----
|
||||
|
|
Loading…
Reference in a new issue