OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: FreeBSD Security Advisories (security-advisoriesFreeBSD.org)
Date: Thu Mar 22 2001 - 15:12:32 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----

    =============================================================================
    FreeBSD-SA-01:30 Security Advisory
                                                                    FreeBSD, Inc.

    Topic: UFS/EXT2FS allows disclosure of deleted data

    Category: kernel
    Module: ufs/ext2fs
    Announced: 2001-03-22
    Credits: Sven Berkvens <svenberkvens.net>, Marc Olzheim <zlozlo.nu>
    Affects: All released versions of FreeBSD 3.x, 4.x.
                    FreeBSD 3.5-STABLE prior to the correction date.
                    FreeBSD 4.2-STABLE prior to the correction date.
    Corrected: 2000-12-22 (FreeBSD 3.5-STABLE)
                    2000-12-22 (FreeBSD 4.2-STABLE)
    FreeBSD only: NO

    I. Background

    UFS is the Unix File System, used by default on FreeBSD systems and
    many other UNIX variants. EXT2FS is a filesystem used by default on
    many Linux systems, which is also available on FreeBSD.

    II. Problem Description

    There exists a data consistency race condition which allows users to
    obtain access to areas of the filesystem containing data from deleted
    files. The filesystem code is supposed to ensure that all filesystem
    blocks are zeroed before becoming available to user processes, but in
    a certain specific case this zeroing does not occur, and unzeroed
    blocks are passed to the user with their previous contents intact.
    Thus, if the block contains data which used to be part of a file or
    directory to which the user did not have access, the operation results
    in unauthorized access of data.

    All versions of FreeBSD 3.x and 4.x prior to the correction date
    including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this
    problem. This problem is not specific to FreeBSD systems and is
    believed to exist on many filesystems.

    This problem was corrected prior to the forthcoming release of FreeBSD
    4.3.

    III. Impact

    Unprivileged users may obtain access to data which was part of deleted
    files.

    IV. Workaround

    None appropriate.

    V. Solution

    Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE
    after the respective correction dates.

    To patch your present system: download the relevant patch from the
    below location, and execute the following commands as root:

    # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch
    # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch.asc

    Verify the detached PGP signature using your PGP utility.

    This patch has been verified to apply against FreeBSD 3.5.1-RELEASE,
    FreeBSD 4.1.1-RELEASE and FreeBSD 4.2-RELEASE. It may or may not
    apply to older, unsupported releases.

    # cd /usr/src
    # patch -p < /path/to/patch

    Rebuild and reinstall your kernel as described in the FreeBSD handbook
    at the following URL:

      http://www.freebsd.org/handbook/kernelconfig.html

    and reboot for the changes to take effect.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.4 (FreeBSD)
    Comment: For info see http://www.gnupg.org

    iQCVAwUBOrpp2lUuHi5z0oilAQEXFwQAjIKJPtcwJOW2nyLkkIl9Ma59xpuOWEHL
    gZr7KQ6xi2KVH8D6Jztt8gaF+Qb3HRyq8BQUzqL20f+O8yfr8IyX0w5OWu1VkEYu
    ctKKwhMRtd+Cc4L9Y56Ck3DhK5CgDwCVUlThNShR8/omKFd+pWulYcaIdKwTzZIe
    aCnSgvTvAHU=
    =Jn5m
    -----END PGP SIGNATURE-----

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message