



Archive: openbsd@sikurezza.org
Subject: security fixes...
Sender: Igor Falcomata'
Date: 28 May 2000 21:46:29 -0000
Anyone who follows bugtraq or "checks" the OpenBSD patches page often
will already know this.. anyway.. three new security patches have been
released for the 2.6-stable kernel

http://www.openbsd.org/errata26.html

024: SECURITY FIX: May 26, 2000
Kernel contained an undocumented system call used to lock semaphore
operations while they were being sampled by the ipcs(1) command. This
locking could be used as a local denial of service attack which would
block the exiting of processes which had semaphore resources allocated.
Processes not using semaphores are not affected, so the actual effect is
very minimal. 
A jumbo patch exists which remedies this problem. 

023: SECURITY FIX: May 25, 2000
A misuse of ipf(8) keep-state rules can result in firewall rules being
bypassed. This patch also includes fixes for an unaligned timestamp
issue, and reliability fixes for ipmon and the in-kernel ftp proxy. 
A jumbo patch exists, which remedies this problem, and updates ipf to
version 3.3.16. 

022: SECURITY FIX: May 25, 2000
xlockmore has a localhost attack against it which allows recovery of the
encrypted hash of the root password. The damage to systems using DES
passwords from this attack is pretty heavy, but to systems with a
well-chosen root password under blowfish encoding (see crypt(3)) the
impact is much reduced. (Aside: We do not consider this a localhost root
hole in the default install, since we have not seen a fast blowfish
cracker yet ;-)
A source code patch exists, which remedies this problem. This is the 2nd
patch designed to solve this problem. 


and two for the "pre" 2.7:

http://www.openbsd.org/errata.html

003: SECURITY FIX: May 26, 2000
It is possible to bypass the learning flag on an interface if frames go
directly to the machine acting as a bridge. A source code patch exists
which remedies this problem. 

001: SECURITY FIX: May 25, 2000
A misuse of ipf(8) keep-state rules can result in firewall rules being
bypassed. A source code patch exists, which remedies this problem, and
updates ipf to version 3.3.16. 


---

Since the "most visible" and potentially dangerous remote problem is the
ipfilter one, because it allows bypassing a firewall... I remind you that
the vulnerability is exploitable only if there is a "return-rst" rule
together with a "keep state" rule covering the same IP range (including
"any"). In particular, the "keep state" must be generic (without flags).
If you do NOT use return-rst, or you use "keep state flags S", you are
not vulnerable.

It is advisable to apply the patch anyway, also because it updates
ipfilter to the current version (3.3.16). By the way, anyone who applied
the "unofficial" patch I posted on openbsd@sikurezza.org will first have
to "un-apply" it (patch -R) (the update also fixes that specific problem).


bye
Koba


-- 

Igor Falcomata'
igor@infosec.it
koba@sikurezza.org
 --
Infosec srl - www.infosec.it
Network Security & Data Defense
 --
free advertising: www.openbsd.org - Multiplatform Ultra-secure OS
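An added example, not part of the original post and not code from OpenBSD or from IPFilter: a small Python checker that applies the rule of thumb given in the post (exploitable only when a "return-rst" rule coexists with a "keep state" rule that has no "flags" restriction on an overlapping address range) to an ipf ruleset. The interface name xl0, the addresses and the three sample rulesets are constructed for the example; the parser understands only the subset of ipf.conf syntax those samples use, and it is no substitute for applying the patch.

```python
"""Lint an ipf(8) ruleset for the keep-state bypass precondition described
in the post above.  Added example, not code from the post, OpenBSD or
IPFilter; it handles only the ipf.conf subset used in the constructed
samples (action, return-rst, in/out, quick, on IF, proto, from/to with an
optional "port = N", flags, keep state).  The vendor patch (ipf 3.3.16) is
the fix; this only reports whether a ruleset matches the combination."""
import ipaddress

# Constructed sample rulesets (hypothetical interface xl0 and addresses).
# Vulnerable per the post: return-rst plus a generic keep state rule on
# overlapping ranges ("any" overlaps everything).
WEAK_RULES = """
block return-rst in quick on xl0 proto tcp from any to any
pass in quick on xl0 proto tcp from any to 192.0.2.10/32 port = 22 keep state
"""

# Safe per the post: the stateful rule carries a flags restriction
# (ipf writes the flags clause before "keep state").
FIXED_RULES = """
block return-rst in quick on xl0 proto tcp from any to any
pass in quick on xl0 proto tcp from any to 192.0.2.10/32 port = 22 flags S keep state
"""

# Also safe per the post: no return-rst rule at all.
NO_RST_RULES = """
block in quick on xl0 all
pass in quick on xl0 proto tcp from any to 192.0.2.10/32 port = 22 keep state
"""


def parse_rule(line):
    """Extract the fields the check needs from one ipf rule line."""
    toks = line.split()
    rule = {"action": toks[0], "return_rst": "return-rst" in toks,
            "keep_state": False, "flags": None, "src": "any", "dst": "any"}
    for i, tok in enumerate(toks):
        nxt = toks[i + 1] if i + 1 < len(toks) else None
        if tok == "keep" and nxt == "state":
            rule["keep_state"] = True
        elif tok == "from" and nxt:
            rule["src"] = nxt          # "all" keeps the any/any default
        elif tok == "to" and nxt:
            rule["dst"] = nxt
        elif tok == "flags" and nxt:
            rule["flags"] = nxt
    return rule


def ranges_overlap(a, b):
    """True if two address specs share an address; "any" matches everything."""
    if a == "any" or b == "any":
        return True
    return ipaddress.ip_network(a, strict=False).overlaps(
        ipaddress.ip_network(b, strict=False))


def find_bypass_pairs(conf):
    """Return (return-rst rule, generic keep-state rule) pairs whose source
    and destination ranges overlap: the precondition the post describes."""
    lines = [l.strip() for l in conf.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    rules = [(l, parse_rule(l)) for l in lines]
    rst_rules = [(l, r) for l, r in rules if r["return_rst"]]
    # A keep state rule with any flags clause is what the post calls
    # "keep state flags S"; only flag-less ones count here.
    generic_ks = [(l, r) for l, r in rules
                  if r["keep_state"] and r["flags"] is None]
    return [(a, b) for a, ra in rst_rules for b, rb in generic_ks
            if ranges_overlap(ra["src"], rb["src"])
            and ranges_overlap(ra["dst"], rb["dst"])]


def is_vulnerable(conf):
    return bool(find_bypass_pairs(conf))


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_RULES), ("fixed", FIXED_RULES),
                       ("no-rst", NO_RST_RULES)):
        print(name, "VULNERABLE" if is_vulnerable(conf) else "ok")
        for rst, ks in find_bypass_pairs(conf):
            print("    ", rst, "\n  + ", ks)
```

Run it against your own ipf.conf by reading the file into the string passed to find_bypass_pairs; it reports the offending rule pairs, and an empty result means none of the three conditions in the post (return-rst present, flag-less keep state, overlapping ranges) hold together.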




www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005