NetBSD Security Advisory 2015-005: buffer overflow in libevent (CVE-2014-6272)
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2015-005
Topic: buffer overflow in libevent (CVE-2014-6272)
Version: NetBSD-current: source prior to Jan 29th
NetBSD 6.1 - 6.1.5: affected
NetBSD 6.0 - 6.0.6: affected
NetBSD 5.1 - 5.1.4: affected
NetBSD 5.2 - 5.2.2: affected
Severity: DoS, potential code execution
Fixed: NetBSD-current: Jan 30th, 2015
NetBSD-7 branch: Feb 9th, 2015
NetBSD-6-0 branch: Feb 5th, 2015
NetBSD-6-1 branch: Feb 5th, 2015
NetBSD-6 branch: Feb 5th, 2015
NetBSD-5-2 branch: Feb 5th, 2015
NetBSD-5-1 branch: Feb 5th, 2015
NetBSD-5 branch: Feb 5th, 2015
Teeny versions released later than the fix date will contain the fix.
Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.
A defect in the libevent evbuffer API leaves programs that
pass inputs that in sum overflow size_t to evbuffers vulnerable to
a possible heap overflow or infinite loop. For this to be a security
issue, the vulnerable program also must not be sanitizing buffer sizes
supplied by the user.
A program that uses evbuffer_add or evbuffer_expand followed by a
bufferevent_write in NetBSD-6 or below, and additionally
evbuffer_prepend, evbuffer_reserve_space or evbuffer_read in NetBSD-7
and -current, and does not sanity check user-derived buffer sizes
it passes to the library functions, may allow an attacker to construct
an evbuffer with inconsistent size and to overwrite parts of
the program's memory outside the evbuffer.
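The caller-side sanity check described above can look like the following. This is an added example, not code from the advisory or from libevent. The names out_queue, queue_reserve, queue_many and the QUEUE_MAX cap are hypothetical, and the struct only models the length an evbuffer already holds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical application-side cap on queued bytes per connection. */
#define QUEUE_MAX ((size_t)(16u * 1024u * 1024u))

/* Hypothetical stand-in for the length an evbuffer already holds. */
struct out_queue { size_t len; };

/* What an unchecked caller computes: wraps modulo SIZE_MAX + 1. */
static size_t naive_total(size_t have, size_t add) { return have + add; }

/* Returns 0 and updates q->len if adding datlen is safe, -1 otherwise.
 * The comparison is arranged so that it cannot itself overflow. */
static int queue_reserve(struct out_queue *q, size_t datlen)
{
    if (q->len > QUEUE_MAX)            /* state already inconsistent */
        return -1;
    if (datlen > QUEUE_MAX - q->len)   /* covers wrap and policy cap */
        return -1;
    q->len += datlen;                  /* only now call evbuffer_add() */
    return 0;
}

/* Feed a list of peer-supplied lengths; return how many were accepted. */
static size_t queue_many(struct out_queue *q, const size_t *lens, size_t n)
{
    size_t ok = 0;
    for (size_t i = 0; i < n; i++)
        if (queue_reserve(q, lens[i]) == 0)
            ok++;
    return ok;
}

int main(void)
{
    /* Constructed sample lengths, as if parsed from untrusted input. */
    const size_t lens[] = { 4096, SIZE_MAX - 100, 512, SIZE_MAX };
    struct out_queue q = { 0 };
    size_t ok = queue_many(&q, lens, 4);

    printf("naive 4096 + (SIZE_MAX - 100) = %zu\n",
           naive_total(4096, SIZE_MAX - 100));
    printf("accepted %zu of 4, queued %zu bytes\n", ok, q.len);
    return 0;
}
```

The subtraction form (datlen > QUEUE_MAX - q->len) is what keeps the check itself from wrapping; comparing q->len + datlen against the cap would not.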
Solutions and Workarounds
- From source:
Update src and rebuild and install.
- From tarballs:
To obtain fixed binaries, fetch the appropriate base.tgz and comp.tgz
from a daily build later than the fix dates, from
with a date later than the fix date for your branch as listed above,
and your release version and architecture
and then extract the files:
tar xzpf base.tgz \*libevent\*
And static libraries and linker config files:
tar xzpf comp.tgz \*libevent\*
Get the fixed library into use
Since the vulnerability is in a shared library, getting the old
library purged and the fixed one into use requires restarting
all programs that load libevent.
The easiest way to do this is to reboot the system.
Another method using /bin/sh:
        ps ax -o pid | (while read pid; do \
                pmap $pid | egrep 'libevent' && echo found $pid ;\
        done)
will find non-chrooted programs that have the affected libraries
open; restart them.
ldd <programname> will show the shared libraries a program will want to use.
Fixed vulnerable source versions
Thanks to Andrew Bartlett of Catalyst (catalyst.net.nz) for
reporting this issue and Nick Mathewson of libevent for their
advisory and fix.
2015-03-17 Initial release
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .
Copyright 2015, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2015-005.txt,v 1.1 2015/03/17 06:58:44 spz Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----