Subject: NetBSD Security Advisory 2002-017: shutdown(s, SHUT_RD) on TCP socket does not work as intended
To: None <tech-security@netbsd.org, current-users@netbsd.org>
From: NetBSD Security Officer <security-officer@netbsd.org>
List: tech-security
Date: 09/17/2002 12:46:56
-----BEGIN PGP SIGNED MESSAGE-----


		 NetBSD Security Advisory 2002-017
		 =================================

Topic:		shutdown(s, SHUT_RD) on TCP socket does not work as intended

Version:	NetBSD-current:	 source prior to September 7, 2002
		NetBSD 1.6 beta: affected
		NetBSD-1.5.3:	 affected
		NetBSD-1.5.2:	 affected
		NetBSD-1.5.1:	 affected
		NetBSD-1.5:	 affected
		NetBSD-1.4.*:	 affected

Severity:	Unexpected kernel memory consumption

Fixed:		NetBSD-current:	    September 7, 2002
		NetBSD-1.6 branch:  September 7, 2002 (1.6 includes the fix)
		NetBSD-1.5 branch:  September 7, 2002
		NetBSD-1.4 branch:  not yet


Abstract
========

shutdown(s, SHUT_RD) is used to indicate that there should be no inbound
traffic expected on the socket.  There was mistake in TCP with respect to
the handling of shutdown'ed socket, leading to unexpected kernel resource
consumption and unexpected behavior.


Technical Details
=================

Some of sbappend() calls from sys/netinet/tcp_input.c did not consult
SS_CANTRCVMORE flag on socket properly.

http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=18185


Solutions and Workarounds
=========================

The recent NetBSD 1.6 release is not vulnerable to this issue. A full
upgrade to NetBSD 1.6 is the recommended resolution for all users able
to do so. Many security-related improvements have been made, and
indeed this release has been delayed several times in order to include
fixes for a number of recent issues.

The following instructions describe how to upgrade your kernel by
updating your source tree and rebuilding and installing a new version
of kernel.


* NetBSD-current:

	Systems running NetBSD-current dated from before 2002-09-06
	should be upgraded to NetBSD-current dated 2002-09-06 or later.

	The following directories need to be updated from the
	netbsd-current CVS branch (aka HEAD):
		sys/netinet

	To update from CVS, re-build, re-install kernel and reboot:
		# cd src
		# cvs update -d -P sys/netinet

	Configure, compile, install and boot a new kernel according to
	the instructions at:
	    http://www.netbsd.org/Documentation/kernel/#building_a_kernel 


* NetBSD 1.6 beta:

	Systems running NetBSD 1.6 BETAs and Release Candidates should
	be upgraded to the NetBSD 1.6 release.

	If a source-based point upgrade is required, sources from the
	NetBSD 1.6 branch dated 2002-09-06 or later should be used.

	The following directories need to be updated from the
	netbsd-1-6 CVS branch:
		sys/netinet

	To update from CVS, re-build, re-install kernel and reboot:
		# cd src
		# cvs update -d -P -r netbsd-1-6 sys/netinet

	Configure, compile, install and boot a new kernel according to
	the instructions at:
	    http://www.netbsd.org/Documentation/kernel/#building_a_kernel 


* NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:

	Systems running NetBSD 1.5, 1.5.1, 1.5.2, or 1.5.3 sources dated
	from before 2002-09-06 should be upgraded from NetBSD 1.5.*
	sources dated 2002-09-06 or later.

	NetBSD 1.5.4 will be shipped with fixes.

	The following directories need to be updated from the
	netbsd-1-5 CVS branch:
		sys/netinet

	To update from CVS, re-build, re-install kernel and reboot:
		# cd src
		# cvs update -d -P -r netbsd-1-5 sys/netinet

	Configure, compile, install and boot a new kernel according to
	the instructions at:
	    http://www.netbsd.org/Documentation/kernel/#building_a_kernel 


* NetBSD 1.4, 1.4.1, 1.4.2, 1.4.3:

	The advisory will be updated to include instructions to remedy
	this problem for systems running the NetBSD-1.4 branch.


Thanks To
=========

Sean Boudreau

The NetBSD Release Engineering teams, for great patience and
assistance in dealing with repeated security issues discovered
recently.


Revision History
================

	2002-09-16	Initial release


More Information
================

Advisories may be updated as new information comes to hand.  The most
recent version of this advisory (PGP signed) can be found at 
  ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-017.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 2002, The NetBSD Foundation, Inc.  All Rights Reserved.

$NetBSD: NetBSD-SA2002-017.txt,v 1.9 2002/09/16 05:17:55 dan Exp $


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPYVqej5Ru2/4N2IFAQFXFQP/TgE2w4hDKtWeccyjBSYEYPji7hgu/IPK
gJztYTRBM4xDKyx76QW+MSoFu/ye+Jfkveh6ZmxGKb2oFzGjbKKyKISk1brBaZ+o
g6mqsd05AACYukIhkRdNOR84bPr086soGRJQFXaLUKbwcUBNQQ43yY8fDqMdEuBd
yk+GJu7hDgQ=
=kfaF
-----END PGP SIGNATURE-----