Three serious vulnerabilities in FreeBSD

    Security.freebsd.org reports three serious vulnerabilities in FreeBSD.

    • Vulnerability in named. When a DNSSEC client requests a record with the CD (Checking Disabled) flag set, the server can cache unverified data. That data can then be sent to another client, even one that did not set the CD flag.

      All supported FreeBSD branches are vulnerable. Details: FreeBSD-SA-10:01.bind
    • Vulnerability in ntpd. On receiving a MODE_PRIVATE (mode 7) request or error response from a host not covered by the restrict ... noquery and restrict ... ignore sections, ntpd writes a corresponding entry to the log file and also sends an error response back.

      An attacker can send an error response with a spoofed sender IP (for example, the IP of the vulnerable ntpd server itself or of a second, also vulnerable, ntpd server). As a result, the server will endlessly send error-response packets, slowing down the network and consuming CPU time and free disk space, which sooner or later leads to a DoS.

      All supported FreeBSD branches are vulnerable. Details: FreeBSD-SA-10:02.ntpd
    • Vulnerability in ZFS ZIL. The ZFS Intent Log ("ZIL") is a mechanism that allows write operations to the hard drive to be postponed, performing them only in RAM. In the event of a failure (for example, a power outage), the intent log is analyzed and the data lost as a result of the failure is written to the hard disk.

      The vulnerability is as follows. If a setattr transaction is not completed because of a power outage or other failure, then when the log is analyzed the permissions are set to 07777 instead of the permissions specified in the transaction. This can lead to privilege escalation or to reading or modifying an arbitrary file.

      The vulnerability is present in FreeBSD >= 7.0. Details: FreeBSD-SA-10:03.zfs


    To eliminate the vulnerabilities, upgrade to the latest version of your branch or apply the patches (for details, see the advisories above). Of course, if you do not use ZFS and are not running named or ntpd, you can take your time upgrading.
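
To spot the ntpd error-response loop described above in captured traffic, the following added example (not part of the original article or of the FreeBSD advisory) flags host pairs that bounce mode 7 error responses at each other from port 123 to port 123. The packet tuple format, the threshold and the sample data are assumptions constructed for illustration; the header offsets follow ntpd's mode 7 packet layout.

```python
"""Flag host pairs that bounce NTP mode 7 error responses at each other."""
import struct
from collections import Counter

NTP_PORT = 123
MODE_PRIVATE = 7   # low three bits of the first byte
RESP_BIT = 0x80    # top bit of the first byte marks a response


def mode7_error(payload: bytes):
    """Return the error code of a mode 7 error response, else None."""
    if len(payload) < 8:  # the fixed mode 7 header is 8 bytes long
        return None
    rm_vn_mode, _seq, _impl, _req, err_nitems = struct.unpack("!BBBBH", payload[:6])
    if rm_vn_mode & 0x07 != MODE_PRIVATE or not rm_vn_mode & RESP_BIT:
        return None
    return (err_nitems >> 12) or None  # top 4 bits hold the error code, 0 = no error


def find_loops(packets, threshold=3):
    """packets: iterable of (src_ip, src_port, dst_ip, dst_port, udp_payload).

    Returns the sorted host pairs for which at least `threshold` error
    responses were seen in each direction, server port to server port.
    A host answering its own spoofed address shows up as the pair (a, a).
    """
    sent = Counter()
    for src, sport, dst, dport, payload in packets:
        if sport == NTP_PORT and dport == NTP_PORT and mode7_error(payload):
            sent[(src, dst)] += 1
    loops = set()
    for (a, b), n in sent.items():
        if n >= threshold and sent.get((b, a), 0) >= threshold:
            loops.add(tuple(sorted((a, b))))
    return sorted(loops)


# Constructed sample data (documentation address ranges, not real traffic).
ERR = bytes.fromhex("9700030010000000")  # mode 7 response, error code 1
CLIENT = bytes([0x23]) + bytes(47)       # ordinary mode 3 client query
SAMPLE = (
    [("192.0.2.10", 123, "192.0.2.20", 123, ERR),
     ("192.0.2.20", 123, "192.0.2.10", 123, ERR)] * 4
    + [("198.51.100.5", 40123, "192.0.2.10", 123, CLIENT),
       ("192.0.2.10", 123, "198.51.100.5", 40123, ERR)]
)

if __name__ == "__main__":
    print(find_loops(SAMPLE))
```

A single error response sent to a client's ephemeral port, like the last sample packet, is not flagged; only sustained two-way exchanges between NTP ports are.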
