tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
NetBSD Security Advisory 2013-002: kqueue related kernel panic triggered from userland
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NetBSD Security Advisory 2013-002
=================================
Topic: kqueue related kernel panic triggered from userland
Version: NetBSD-current: affected prior to Nov 24th, 2012
NetBSD 6.0: affected
NetBSD 6.0.1: not affected
NetBSD 5.1.*: not affected
NetBSD 5.0.*: not affected
NetBSD 5.0: not affected
Severity: Local system crash
Fixed: NetBSD-current: Nov 24th, 2012
NetBSD-6-0 branch: Nov 24th, 2012
NetBSD-6 branch: Nov 24th, 2012
Please note that NetBSD releases prior to 5.0 are no longer supported.
It is recommended that all users upgrade to a supported release.
Abstract
========
A user can panic the machine by calling kevent(2) on an unsupported
file descriptor.
Technical Details
=================
A file descriptor that does not support kqueue(2) uses fnullop_kqfilter(9)
to indicate that this operation is not supported. Unfortunately
fnullop_kqfilter(9) returned 0 instead of an error, so the kernel
crashed in the next kevent(2) trying to call a null event handler.
fnullop_kqfilter(9) has been changed to return EOPNOTSUPP when the
file descriptor does not support kqueue.
Solutions and Workarounds
=========================
The following versions contain the fix:
src/sys/kern/kern_event.c
HEAD 1.78
netbsd-6 1.75.2.1
netbsd-6-0 1.75.6.1
src/sys/kern/kern_descrip.c
HEAD 1.219
netbsd-6 1.218.2.1
netbsd-6-0 1.218.8.1
For all affected NetBSD versions, you need to obtain fixed kernel
sources, rebuild and install the new kernel, and reboot the system.
The fixed source may be obtained from the NetBSD CVS repository.
The following instructions briefly summarize how to upgrade your
kernel. In these instructions, replace:
ARCH with your architecture (from uname -m), and
KERNCONF with the name of your kernel configuration file.
To update from CVS, re-build, and re-install the kernel:
# cd src
# cvs update -d -P src/sys/kern/kern_event.c
# cvs update -d -P src/sys/kern/kern_descrip.c
# ./build.sh kernel=KERNCONF
# mv /netbsd /netbsd.old
# cp sys/arch/ARCH/compile/obj/KERNCONF/netbsd /netbsd
# shutdown -r now
For more information on how to do this, see:
http://www.NetBSD.org/guide/en/chap-kernel.html
Thanks To
=========
Thanks to Christos Zoulas for fixing this problem.
Revision History
================
2013-02-26 Initial release
More Information
================
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-002.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .
Copyright 2013, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2013-002.txt,v 1.1 2013/02/26 18:58:13 tonnerre Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (NetBSD)
iQIcBAEBAgAGBQJRLRHwAAoJEAZJc6xMSnBukmUQAJ/JxHKIy3Mc05korW03dKzo
Zt/f3SaAHDXu00mEOjsbCbX92G0+eY9G5QetmpFPeu+GjdkKOoexD94Nck7JWVWU
0iIHlJnunnPcvXszqvQLUoOx4Iej0VvW6JynVhbHO9asCWyS6yqeuXka4IJoMrXb
A1hySfXqmvvOyrRpp8+6mrmv2sl0Vzne8X7sJUwBt35Z6EB7uLd3Pw6+uyRpPWkN
DPg7I/B1ey/MRof/CKfTlvnkSoiSzo/utrOiaqseBici6QxXxDOfmlo4Vd9GjCS4
GJ3C9ushHgW6+6VwrpkX/ku0WYRbpS9Sf/Uem0CMONZpwOxOQgpvviHaxobCTrCf
GxyZahkuWM3HTcg3Ht+y65wROC7ruHbBrFxS6iAYnjMJA8/PtvNAP1+N08cDbdB+
qXdXrKxY1dnEVqDa6YRCVb2+FccpXp7etTRfxVv3yyiZu9Dr1IlywpqLhpzshs9c
wFkgD3/sIy7WV05/DrWXi0GHXqkUkpWtRgzHH5zYFi3Buu4FuOYC/2U0YaoLM6KE
ddUr5zawlTzOdrXB2ztYHra0y26M7ntiyNyDF5Laj5yUzlBBxXR1y2XMhHH7o/v4
vUrkavrmTXj0Y8bj+LiqRfcnBUR2hKXcRKqekM/RKNJuJ/kkKwPl25f4jGXeY/ng
nDDi2DtzYyBucGqqSPwr
=7s47
-----END PGP SIGNATURE-----
Home |
Main Index |
Thread Index |
Old Index