• »
  • Latest Threats
  • Desktop
  • Server
  • high Severity (Can partially compromise system)

Issues in various FreeBSD daemons and functions can be used as attack vectors for causing Denial of Service

high Severity            Affects:
routed: FreeBSD 8.4 through 10.1-RC2
rtsold: FreeBSD 9.1 through 10.1-RC2
namei: FreeBSD 9.1 through 10.1-RC2

Issues in FreeBSD daemons rtsold and routed, and namei functions can be used as remote attack vectors for causing Denial of Service


rtsold daemon 

Due to a missing length check in the code that handles DNS parameters, a malformed router dvertisement message can result in a stack buffer overflow. Source advisory: FreeBSD-SA-14:20.rtsold


routed daemon 

The input path in routed will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network. Source advisory: FreeBSD-SA-14:21.routed


namei functions 

The namei facility will leak a small amount of kernel memory every time a sandboxed process looks up a nonexistent path name. A remote attacker that can cause a sandboxed process (for instance, a web server) to look up a large number of nonexistent path names can cause memory exhaustion. Source advisory: FreeBSD-SA-14:22.namei

RECOMMENDATION

Perform one of the following for all 3 components:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.


2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your vulnerable system via a source code patch follow instructions for each individual component:


Namei

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 9.x]

# fetch http://security.FreeBSD.org/patches/SA-14:22/namei-9.patch
# fetch http://security.FreeBSD.org/patches/SA-14:22/namei-9.patch.asc
# gpg --verify namei-9.patch.asc


[FreeBSD 10.x]

# fetch http://security.FreeBSD.org/patches/SA-14:22/namei-10.patch
# fetch http://security.FreeBSD.org/patches/SA-14:22/namei-10.patch.asc
# gpg --verify namei-10.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in at http://www.FreeBSD.org/handbook/kernelconfig.html and reboot the system.


Routed

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:21/routed.patch
# fetch http://security.FreeBSD.org/patches/SA-14:21/routed.patch.asc
# gpg --verify routed.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/routed.patch

c) Recompile routed. Execute the following commands as root:

# cd /usr/src/sbin/routed
# make && make install

4) Restart the affected service

To restart the affected service after updating the system, either

reboot the system or execute the following command as root:

# service routed restart


Rtsold

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:20/rtsold.patch
# fetch http://security.FreeBSD.org/patches/SA-14:20/rtsold.patch.asc
# gpg --verify rtsold.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/rtsold.patch

c) Recompile rtsold. Execute the following commands as root:

# cd /usr/src/usr.sbin/rtsold
# make && make install

4) Restart the affected service To restart the affected service after updating the system, either reboot the system or execute the following command as root: