|
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2002-013 ================================= Topic: Bug in NFS server code allows remote denial of service Version: NetBSD-current: source prior to Aug 3, 2002 NetBSD 1.6 beta: source prior to Aug 3, 2002 NetBSD-1.5.3: affected NetBSD-1.5.2: affected NetBSD-1.5.1: affected NetBSD-1.5: affected NetBSD-1.4.*: affected Severity: remote denial of service Fixed: NetBSD-current: Aug 3, 2002 NetBSD-1.6 branch: Aug 3, 2002 (1.6 includes the fix) NetBSD-1.5 branch: September 5, 2002 NetBSD-1.4 branch: not yet Abstract ======== The Network File System (NFS) allows a host to export some or all of its filesystems, or parts of them, so that other hosts can access them over the network and mount them as if they were on local disks. NFS is built on top of the Sun Remote Procedure Call (RPC) framework. An attacker in a position to send RPC messages to an affected NetBSD system can construct a sequence of malicious RPC messages that cause the target system to lock up. Technical Details ================= A part of the NFS server code charged with handling incoming RPC messages had an error which, when the server received a message with a zero-length payload, would cause it to reference the payload from the previous message, creating a loop in the message chain. This would later cause an infinite loop in a different part of the NFS server code which tried to traverse the chain. Certain Linux implementations of NFS produce zero-length RPC messages in some cases. A NetBSD system running an NFS server may lock up when such clients connect. Solutions and Workarounds ========================= If possible, disable the NFS server on your machine. It is still preferable to apply the following fixes to prevent using vulnerable NFS code in the future. The recent NetBSD 1.6 release is not vulnerable to this issue. A full upgrade to NetBSD 1.6 is the recommended resolution for all users able to do so. Many security-related improvements have been made, and indeed this release has been delayed several times in order to include fixes for a number of recent issues. The following instructions describe how to upgrade your kernel by updating your source tree and rebuilding and installing a new version of kernel. * NetBSD-current: Systems running NetBSD-current dated from before 2002-08-03 should be upgraded to NetBSD-current dated 2002-08-03 or later. The following directories need to be updated from the netbsd-current CVS branch (aka HEAD): sys/nfs To update from CVS: # cd src # cvs update -d -P sys/nfs Configure, compile, install and boot a new kernel according to the instructions at: http://www.netbsd.org/Documentation/kernel/#building_a_kernel * NetBSD 1.6 beta: Systems running NetBSD 1.6 BETAs and Release Candidates should be upgraded to the NetBSD 1.6 release. If a source-based point upgrade is required, sources from the NetBSD 1.6 branch dated 2002-08-03 or later should be used. The following directories need to be updated from the netbsd-1-6 CVS branch: sys/nfs To update from CVS: # cd src # cvs update -d -P -r netbsd-1-6 sys/nfs Configure, compile, install and boot a new kernel according to the instructions at: http://www.netbsd.org/Documentation/kernel/#building_a_kernel * NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3: Systems running NetBSD 1.5 sources dated from before 2002-09-05 should be upgraded from NetBSD 1.5 sources dated 2002-09-05 or later. The following directories need to be updated from the netbsd-1-5 CVS branch: sys/nfs To update from CVS: # cd src # cvs update -d -P -r netbsd-1-5 sys/nfs Configure, compile, install and boot a new kernel according to the instructions at: http://www.netbsd.org/Documentation/kernel/#building_a_kernel * NetBSD 1.4, 1.4.1, 1.4.2, 1.4.3: The advisory will be updated with instructions to fix the problem for 1.5-based systems. Thanks To ========= FreeBSD security officers. The advisory text is based on their advisory. The NetBSD Release Engineering teams, for great patience and assistance in dealing with repeated security issues discovered recently. Revision History ================ 2002-09-16 Initial release More Information ================ An up-to-date PGP signed copy of this release will be maintained at ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc Information about NetBSD and NetBSD security can be found at http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/. Copyright 2002, The NetBSD Foundation, Inc. All Rights Reserved. $NetBSD: NetBSD-SA2002-013.txt,v 1.7 2002/09/16 05:17:55 dan Exp $ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBPYVqUD5Ru2/4N2IFAQF7VwP9HAw6DGiJI3TmxGeVR/7fNquzCXI6QtSJ evofRBhcsSSNGuTYn9R8KVHdn+f7n8fdc2b3huQ6UCLr3epAgRg6eeCDX8O60fpG DvKUABOJXx1LoUEkGsNGdTizxg3uoD/2GLCvDLhZZiZ4k9srZRRzFT3neyWWdFln EFbs33wT+40= =78tO -----END PGP SIGNATURE-----