Revised advisory.
parent c73cbed9bc
commit 4ebf8b68aa
Notes (svn2git, 2020-12-08 03:00:23 +00:00):
svn path=/head/; revision=41521
1 changed files with 40 additions and 16 deletions
|
@ -10,20 +10,27 @@ Topic: Insufficient input validation in the NFS server
|
||||||
Category: core
|
Category: core
|
||||||
Module: nfsserver
|
Module: nfsserver
|
||||||
Announced: 2013-04-29
|
Announced: 2013-04-29
|
||||||
|
Revised: 2013-04-29
|
||||||
Credits: Adam Nowacki
|
Credits: Adam Nowacki
|
||||||
Affects: All supported versions of FreeBSD.
|
Affects: All supported versions of FreeBSD.
|
||||||
Corrected: 2013-04-29 20:15:43 UTC (stable/8, 8.4-PRERELEASE)
|
Corrected: 2013-04-29 21:10:49 UTC (stable/8, 8.4-PRERELEASE)
|
||||||
2013-04-29 20:15:47 UTC (releng/8.3, 8.3-RELEASE-p8)
|
2013-04-29 21:10:53 UTC (releng/8.3, 8.3-RELEASE-p8)
|
||||||
2013-04-29 20:16:25 UTC (releng/8.4, 8.4-RC1-p1)
|
2013-04-29 21:11:31 UTC (releng/8.4, 8.4-RC1-p1)
|
||||||
2013-04-29 20:16:25 UTC (releng/8.4, 8.4-RC2-p1)
|
2013-04-29 21:11:31 UTC (releng/8.4, 8.4-RC2-p1)
|
||||||
2013-04-29 20:15:55 UTC (stable/9, 9.1-STABLE)
|
2013-04-29 21:11:01 UTC (stable/9, 9.1-STABLE)
|
||||||
2013-04-29 20:16:00 UTC (releng/9.1, 9.1-RELEASE-p3)
|
2013-04-29 21:11:05 UTC (releng/9.1, 9.1-RELEASE-p3)
|
||||||
CVE Name: CVE-2013-3266
|
CVE Name: CVE-2013-3266
|
||||||
|
|
||||||
For general information regarding FreeBSD Security Advisories,
|
For general information regarding FreeBSD Security Advisories,
|
||||||
including descriptions of the fields above, security branches, and the
|
including descriptions of the fields above, security branches, and the
|
||||||
following sections, please visit <URL:http://security.FreeBSD.org/>.
|
following sections, please visit <URL:http://security.FreeBSD.org/>.
|
||||||
|
|
||||||
|
0. Revision History
|
||||||
|
|
||||||
|
v1.0 2013-04-29 Initial release.
|
||||||
|
v1.1 2013-04-29 Corrected patch URL.
|
||||||
|
Additional workaround information.
|
||||||
|
|
||||||
I. Background
|
I. Background
|
||||||
|
|
||||||
The Network File System (NFS) allows a host to export some or all of its
|
The Network File System (NFS) allows a host to export some or all of its
|
||||||
|
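Review bot: The v1.1 entry in the new Revision History lists only "Corrected patch URL" and "Additional workaround information", but the Corrected: block in this same hunk moves every branch timestamp (for example stable/8 from 20:15:43 to 21:10:49 UTC). Add a line to the v1.1 entry saying that the correction timestamps were updated and why, so readers who updated against the v1.0 times can tell whether they need to update again. Since v1.0 and v1.1 carry the same date, a time of day on each entry would also help tell them apart.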
@ -75,6 +82,23 @@ following command:
|
||||||
This will print 1 if the system is running the new NFS implementation,
|
This will print 1 if the system is running the new NFS implementation,
|
||||||
and 0 otherwise.
|
and 0 otherwise.
|
||||||
|
|
||||||
|
To switch to the old NFS implementation:
|
||||||
|
|
||||||
|
1) Append the following lines to /etc/rc.conf:
|
||||||
|
|
||||||
|
nfsv4_server_enable="no"
|
||||||
|
oldnfs_server_enable="yes"
|
||||||
|
|
||||||
|
2) If the NFS server is compiled into the kernel (which is the case
|
||||||
|
for the stock GENERIC kernel), replace the NFSD option with the
|
||||||
|
NFSSERVER option, then recompile your kernel as described in
|
||||||
|
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html>.
|
||||||
|
|
||||||
|
If the NFS server is not compiled into the kernel, the correct
|
||||||
|
module will be loaded at boot time.
|
||||||
|
|
||||||
|
3) Finally, reboot the system.
|
||||||
|
|
||||||
V. Solution
|
V. Solution
|
||||||
|
|
||||||
Perform one of the following:
|
Perform one of the following:
|
||||||
|
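Review bot: The new workaround ends at step 3 (reboot) with no check that the switch took effect. The context just above says the command prints 1 for the new NFS implementation and 0 otherwise; add a step 4 telling the reader to rerun that command after the reboot and confirm it prints 0. Step 1 also says to append the two lines; if /etc/rc.conf already sets nfsv4_server_enable or oldnfs_server_enable, say whether the existing lines should be edited instead, so the file does not end up with conflicting assignments.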
@ -90,8 +114,8 @@ FreeBSD release branches.
|
||||||
a) Download the relevant patch from the location below, and verify the
|
a) Download the relevant patch from the location below, and verify the
|
||||||
detached PGP signature using your PGP utility.
|
detached PGP signature using your PGP utility.
|
||||||
|
|
||||||
# fetch http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch
|
# fetch http://security.FreeBSD.org/patches/SA-13:05/nfsserver.patch
|
||||||
# fetch http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch.asc
|
# fetch http://security.FreeBSD.org/patches/SA-13:05/nfsserver.patch.asc
|
||||||
# gpg --verify nfsserver.patch.asc
|
# gpg --verify nfsserver.patch.asc
|
||||||
|
|
||||||
b) Apply the patch.
|
b) Apply the patch.
|
||||||
|
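Review bot: The corrected fetch lines still leave gpg --verify nfsserver.patch.asc naming only the signature file, so the reader depends on gpg locating the signed file by name. Spell out both files, gpg --verify nfsserver.patch.asc nfsserver.patch, so it is unambiguous that the patch just fetched over plain http is the data being verified. The SA-03:15 to SA-13:05 change itself matches the advisory name in the References URL.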
@ -118,11 +142,11 @@ corrected in FreeBSD.
|
||||||
|
|
||||||
Branch/path Revision
|
Branch/path Revision
|
||||||
- -------------------------------------------------------------------------
|
- -------------------------------------------------------------------------
|
||||||
stable/8/ r250058
|
stable/8/ r250068
|
||||||
releng/8.3/ r250059
|
releng/8.3/ r250069
|
||||||
releng/8.4/ r250062
|
releng/8.4/ r250073
|
||||||
stable/9/ r250060
|
stable/9/ r250070
|
||||||
releng/9.1/ r250061
|
releng/9.1/ r250071
|
||||||
- -------------------------------------------------------------------------
|
- -------------------------------------------------------------------------
|
||||||
|
|
||||||
VII. References
|
VII. References
|
||||||
|
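Review bot: In the revision table, releng/8.4/ moves from r250062 to r250073, while the other four rows each move by exactly ten (r250058 to r250068, r250059 to r250069, r250060 to r250070, r250061 to r250071). Please confirm against the repository that r250073 is the intended revision for releng/8.4/ and not a typo, since this table is what readers use to check that their tree contains the fix.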
@ -133,7 +157,7 @@ The latest revision of this advisory is available at
|
||||||
http://security.FreeBSD.org/advisories/FreeBSD-SA-13:05.nfsserver.asc
|
http://security.FreeBSD.org/advisories/FreeBSD-SA-13:05.nfsserver.asc
|
||||||
-----BEGIN PGP SIGNATURE-----
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
iEYEARECAAYFAlF+18oACgkQFdaIBMps37J1PACgm+zcbGd6xF1hkpvFVJbbwR0Q
|
iEYEARECAAYFAlF+7BUACgkQFdaIBMps37I3LACeIFS/wiaA6eDn9F8ByZ6V8CH4
|
||||||
9PoAnivbP1R0qXFyTlF/t3+sUYcxBtfQ
|
GT4AoIrhX24l+LHxpvtHoaDmKOoBpva5
|
||||||
=polM
|
=bbRm
|
||||||
-----END PGP SIGNATURE-----
|
-----END PGP SIGNATURE-----
|
||||||
|
|