Security-Announce archive


NetBSD Security Advisory 2013-006: Arbitrary Kernel Read with netstat -P




                NetBSD Security Advisory 2013-006
                =================================

Topic:          Arbitrary Kernel Read with netstat -P


Version:        NetBSD-current:         source prior to Jun 21st, 2013
                NetBSD 6.0:             affected
                NetBSD 6.0.*:           affected
                NetBSD 6.1:             affected
                NetBSD 5.1:             affected
                NetBSD 5.2:             affected

Severity:       Information Disclosure

Fixed:          NetBSD-current:         June 20th, 2013
                NetBSD-6-0 branch:      July 29th, 2013
                NetBSD-6-1 branch:      July 29th, 2013
                NetBSD-6 branch:        July 29th, 2013
                NetBSD-5-1 branch:      July 30th, 2013
                NetBSD-5-2 branch:      July 30th, 2013
                NetBSD-5 branch:        July 30th, 2013

Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

netstat -P may disclose contents of kernel memory that aren't Protocol
Control Blocks.


Technical Details
=================

netstat -P does not check whether the address it gets called with is
actually pointing to a Protocol Control Block, nor whether (if it is
a PCB) the reader should have privileges to read it. This allows a
malicious user to study arbitrary sections of kernel memory.
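
The two missing checks named above, shown as an added example (not NetBSD
code and not the committed fix). A flat buffer stands in for kernel memory;
pcb_list, read_unchecked, read_pcb_checked and the owner-or-root policy are
hypothetical names and assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: kmem[] stands in for kernel memory (assumption). */
struct pcb_entry {          /* hypothetical record of one live PCB */
    uintptr_t addr;         /* offset of the PCB inside kmem[] */
    size_t    len;          /* size of that PCB in bytes */
    unsigned  owner_uid;    /* uid owning the socket behind it */
};

static const unsigned char kmem[64] =
    "SECRET-KEY-BYTES"      /* offsets 0..15: not a PCB */
    "pcb-of-uid-1000."      /* offsets 16..31 */
    "pcb-of-uid-2000.";     /* offsets 32..47 */

static const struct pcb_entry pcb_list[] = { {16, 16, 1000}, {32, 16, 2000} };

/* Flawed pattern: copies from whatever address the caller names. */
int read_unchecked(uintptr_t addr, unsigned char *out, size_t len)
{
    memcpy(out, kmem + addr, len);
    return 0;
}

/* Hardened: addr must be the start of a listed PCB, and the caller must
 * own it or be uid 0 (assumed policy). Returns bytes copied, or -1. */
int read_pcb_checked(uintptr_t addr, unsigned caller_uid,
                     unsigned char *out, size_t outlen)
{
    size_t i;
    for (i = 0; i < sizeof(pcb_list) / sizeof(pcb_list[0]); i++) {
        const struct pcb_entry *p = &pcb_list[i];
        if (p->addr != addr)
            continue;               /* not this PCB; keep looking */
        if (caller_uid != 0 && caller_uid != p->owner_uid)
            return -1;              /* a PCB, but not the caller's */
        if (outlen < p->len)
            return -1;              /* refuse rather than truncate */
        memcpy(out, kmem + p->addr, p->len);
        return (int)p->len;
    }
    return -1;                      /* address is not a PCB at all */
}

int main(void)
{
    unsigned char buf[16];
    return read_pcb_checked(0, 1000, buf, sizeof buf) == -1 ? 0 : 1;
}
```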


Solutions and Workarounds
=========================

Workaround:
Remove the setgid flag from netstat (chmod 555 /usr/bin/netstat).

Solutions:
- Install a new netstat binary from a daily build later than the
  fix date from the same branch: fetch from
  http://nyftp.NetBSD.org/pub/NetBSD-daily/<branch>/<date>/<arch>/
  the file binary/sets/base.tgz

  cd / && tar xzpf <base.tgz-path> ./usr/bin/netstat

- Rebuild your system with the fixes applied.

                                HEAD   netbsd-6   netbsd-6-1  netbsd-6-0
src/usr.bin/netstat/inet.c      1.103  1.101.2.1  1.101.14.1  1.101.8.1
src/usr.bin/netstat/inet6.c     1.62   1.59.6.1   1.59.16.1   1.59.12.1
src/usr.bin/netstat/main.c      1.86   1.81.4.1   1.81.10.1   1.81.8.1
src/usr.bin/netstat/netstat.h   1.47   1.43.4.1   1.43.10.1   1.43.8.1

                                netbsd-5  netbsd-5-2     netbsd-5-1
src/usr.bin/netstat/inet.c      1.88.6.2  1.88.6.1.10.1  1.88.6.1.6.1
src/usr.bin/netstat/inet6.c     1.50.6.2  1.50.6.1.10.1  1.50.6.1.6.1
src/usr.bin/netstat/main.c      1.70.4.1  1.70.2.1       1.70.12.1
src/usr.bin/netstat/netstat.h   1.36.8.1  1.36.6.1       1.36.16.1


Thanks To
=========

Thanks to Beverly Schwartz for finding the problem, and informing
the NetBSD Security Officer about it.


Revision History
================

        2013-07-30      Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-006.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .


Copyright 2013, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2013-006.txt,v 1.2 2013/07/30 20:44:22 tonnerre Exp $


