Commit revised advisory for 13:06.mmap.
parent
5a760f9fd8
commit
bf1c404ec6
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=41998
1 changed files with 28 additions and 9 deletions
|
@ -13,14 +13,20 @@ Announced: 2013-06-18
|
|||
Credits: Konstantin Belousov
|
||||
Alan Cox
|
||||
Affects: FreeBSD 9.0 and later
|
||||
Corrected: 2013-06-18 09:04:19 UTC (stable/9, 9.1-STABLE)
|
||||
2013-06-18 09:05:51 UTC (releng/9.1, 9.1-RELEASE-p4)
|
||||
Corrected: 2013-06-18 07:04:19 UTC (stable/9, 9.1-STABLE)
|
||||
2013-06-18 07:05:51 UTC (releng/9.1, 9.1-RELEASE-p4)
|
||||
CVE Name: CVE-2013-2171
|
||||
|
||||
For general information regarding FreeBSD Security Advisories,
|
||||
including descriptions of the fields above, security branches, and the
|
||||
following sections, please visit <URL:http://security.FreeBSD.org/>.
|
||||
|
||||
0. Revision History
|
||||
|
||||
v1.0 2013-06-18 Initial release.
|
||||
v1.1 2013-06-21 Corrected correction date.
|
||||
Added workaround information.
|
||||
|
||||
I. Background
|
||||
|
||||
The FreeBSD virtual memory system allows files to be memory-mapped.
|
||||
|
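Review bot: The v1.1 entry in the new "0. Revision History" section, "Corrected correction date.", is imprecise. The two pairs of "Corrected:" lines in this hunk carry the same date, 2013-06-18, and differ only in the time of day (09:04:19 and 09:05:51 UTC versus 07:04:19 and 07:05:51 UTC). Suggest wording the entry as a corrected correction time, so that a reader comparing v1.0 with v1.1 knows which field changed.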
@ -51,7 +57,23 @@ arbitrary code with user privileges on the target system.
|
|||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available.
|
||||
Systems that do not allow unprivileged users to use the ptrace(2)
|
||||
system call are not vulnerable, this can be accomplished by setting
|
||||
the sysctl variable security.bsd.unprivileged_proc_debug to zero.
|
||||
Please note that this will also prevent debugging tools, for instance
|
||||
gdb, truss, procstat, as well as some built-in debugging facilities in
|
||||
certain scripting language like PHP, etc., from working for unprivileged
|
||||
users.
|
||||
|
||||
The following command will set the sysctl accordingly and works until the
|
||||
next reboot of the system:
|
||||
|
||||
sysctl security.bsd.unprivileged_proc_debug=0
|
||||
|
||||
To make this change persistent across reboot, the system administrator
|
||||
should also add the setting into /etc/sysctl.conf:
|
||||
|
||||
echo 'security.bsd.unprivileged_proc_debug=0' >> /etc/sysctl.conf
|
||||
|
||||
V. Solution
|
||||
|
||||
|
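Review bot: The new text in "IV. Workaround" makes security.bsd.unprivileged_proc_debug=0 persistent through /etc/sysctl.conf but never says the setting can be reverted once the fix from "V. Solution" is applied, so the line that stops gdb, truss and procstat from working for unprivileged users is likely to stay in place indefinitely. Suggest adding a sentence on removing the line from /etc/sysctl.conf and restoring the previous value after patching. Two wording points in the same paragraph: "are not vulnerable, this can be accomplished by" is a comma splice and reads better as two sentences, and "certain scripting language like PHP" should be "languages".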
@ -112,16 +134,13 @@ Or visit the following URL, replacing XXXXXX with the revision number:
|
|||
|
||||
VII. References
|
||||
|
||||
<other info on vulnerability>
|
||||
|
||||
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2171>
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-13:06.mmap.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.13 (FreeBSD)
|
||||
|
||||
iEYEARECAAYFAlHAB+YACgkQFdaIBMps37IjFACdFSoiYO1YkcPunLh7Zw4TC6MF
|
||||
X9MAnjjVWB2uEl60Rl3K4WOuJ71AVNlP
|
||||
=8309
|
||||
iEYEARECAAYFAlHExy0ACgkQFdaIBMps37L8PwCdGXatzPm7OWjZu+GmbbXQC16/
|
||||
8sgAoJ0LEmREO8Mp7f4YcLHAEwgnJtjT
|
||||
=WRZD
|
||||
-----END PGP SIGNATURE-----
|
||||
|
|
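Review bot: Under "VII. References" the template placeholder "<other info on vulnerability>" is visible in this hunk, and it should not survive into the signed advisory text. This rendering has lost the +/- markers, so please confirm the placeholder is on the removed side of the change. The hunk also shows two signature bodies inside a single BEGIN/END PGP SIGNATURE block, which is expected for a re-signed revision, but it is worth verifying that the published .asc file contains only the new one and that the signature validates over the v1.1 text.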