tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
NetBSD Security Advisory 2008-006: Integer overflow in strfmon(3) function
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NetBSD Security Advisory 2008-006
=================================
Topic: Integer overflow in strfmon(3) function
Version: NetBSD-current: affected
NetBSD 4.0: affected
NetBSD 3.1.*: unaffected
NetBSD 3.1: unaffected
NetBSD 3.0: unaffected
NetBSD 3.0.*: unaffected
Severity: Local user may be able to execute arbitrary code
Fixed: NetBSD-current: March 18, 2008
NetBSD-4 branch: March 19, 2008
(4.1 will include the fix)
NetBSD-4-0 branch: March 19, 2008
(4.0.1 will include the fix)
Abstract
========
The strfmon() function contains multiple integer overflows which can be
exploited by a local attacker to cause a crash or potentially execute
arbitrary code.
Technical Details
=================
The vulnerability exists in strfmon() because of the use of the GET_NUMBER()
macro. This macro does not check for integer overflow, and its value is
passed as an argument to the memmove() and memset() functions, which can
result in a crash or possibly the execution of arbitrary code.
This issue has been assigned CVE reference CVE-2008-1391.
Solutions and Workarounds
=========================
The following instructions describe how to upgrade your libc binaries
by updating your source tree and rebuilding and installing a new version
of libc.
* NetBSD-current:
Systems running NetBSD-current dated from before 2008-03-18
should be upgraded to NetBSD-current dated 2008-03-19 or later.
The following files need to be updated from the
netbsd-current CVS branch (aka HEAD):
lib/libc/stdlib/strfmon.c
To update from CVS, re-build, and re-install libc:
# cd src
# cvs update lib/libc/stdlib/strfmon.c
# cd lib/libc
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
* NetBSD 4.*:
Systems running NetBSD 4.* sources dated from before
2008-03-19 should be upgraded from NetBSD 4.* source dated
2008-03-20 or later.
The following files need to be updated from the
netbsd-4 or netbsd-4-0 CVS branches:
lib/libc/stdlib/strfmon.c
To update from CVS, re-build, and re-install libc:
# cd src
# cvs update -r <branch_name> lib/libc/stdlib/strfmon.c
# cd lib/libc
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
Thanks To
=========
Maksymilian Arciemowicz for reporting this problem and Christos Zoulas
for providing a fix.
Revision History
================
2008-04-21 Initial release
More Information
================
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2008-006.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.
Copyright 2008, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2008-006.txt,v 1.1 2008/04/15 20:19:56 adrianp Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)
iQCVAwUBSAUSOD5Ru2/4N2IFAQLzCAQAp1P1sXgdVdcBYZ792JaU+ojWGMW3PqR1
tjSnp8rbkENkfGdtGKlkT2rLHshKiM0DzZL6SyiEDleSZtAv4cuzVQZf2ia+5WWR
SI9TOo/WkPivXnwuKxW1XVefH00wv/KK5wsZAXNxWFY/oIs1pNWQ6QUi4umGmj8L
C7he0Od/rdk=
=2ESK
-----END PGP SIGNATURE-----
Home |
Main Index |
Thread Index |
Old Index