Date: Tue, 17 Sep 2002 12:32:41 +1000
From: NetBSD Security Officer <security-officer@netbsd.org.>
To: [email protected]Subject: NetBSD Security Advisory 2002-013: Bug in NFS server code allows remote denial of service
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2002-013
Topic: Bug in NFS server code allows remote denial of service
Version: NetBSD-current: source prior to Aug 3, 2002
NetBSD 1.6 beta: source prior to Aug 3, 2002
NetBSD-1.5.3: affected
NetBSD-1.5.2: affected
NetBSD-1.5.1: affected
NetBSD-1.5: affected
NetBSD-1.4.*: affected
Severity: remote denial of service
Fixed: NetBSD-current: Aug 3, 2002
NetBSD-1.6 branch: Aug 3, 2002 (1.6 includes the fix)
NetBSD-1.5 branch: September 5, 2002
NetBSD-1.4 branch: not yet
Abstract
========
The Network File System (NFS) allows a host to export some or all of
its filesystems, or parts of them, so that other hosts can access them
over the network and mount them as if they were on local disks. NFS is
built on top of the Sun Remote Procedure Call (RPC) framework.
An attacker in a position to send RPC messages to an affected NetBSD
system can construct a sequence of malicious RPC messages that cause
the target system to lock up.
Technical Details
=================
A part of the NFS server code charged with handling incoming RPC
messages had an error which, when the server received a message with a
zero-length payload, would cause it to reference the payload from the
previous message, creating a loop in the message chain. This would
later cause an infinite loop in a different part of the NFS server
code which tried to traverse the chain.
Certain Linux implementations of NFS produce zero-length RPC messages
in some cases. A NetBSD system running an NFS server may lock up
when such clients connect.
Solutions and Workarounds
If possible, disable the NFS server on your machine. It is
still preferable to apply the following fixes to prevent using
vulnerable NFS code in the future.
The recent NetBSD 1.6 release is not vulnerable to this issue. A full
upgrade to NetBSD 1.6 is the recommended resolution for all users able
to do so. Many security-related improvements have been made, and
indeed this release has been delayed several times in order to include
fixes for a number of recent issues.
The following instructions describe how to upgrade your kernel
by updating your source tree and rebuilding and
installing a new version of kernel.
* NetBSD-current:
Systems running NetBSD-current dated from before 2002-08-03
should be upgraded to NetBSD-current dated 2002-08-03 or later.
The following directories need to be updated from the
netbsd-current CVS branch (aka HEAD):
sys/nfs
To update from CVS:
# cd src
# cvs update -d -P sys/nfs
Configure, compile, install and boot a new kernel according to
the instructions at:
http://www.netbsd.org/Documentation/kernel/#building_a_kernel
* NetBSD 1.6 beta:
Systems running NetBSD 1.6 BETAs and Release Candidates should
be upgraded to the NetBSD 1.6 release.
If a source-based point upgrade is required, sources from the
NetBSD 1.6 branch dated 2002-08-03 or later should be used.
The following directories need to be updated from the
netbsd-1-6 CVS branch:
sys/nfs
To update from CVS:
# cd src
# cvs update -d -P -r netbsd-1-6 sys/nfs
Configure, compile, install and boot a new kernel according to
the instructions at:
http://www.netbsd.org/Documentation/kernel/#building_a_kernel
* NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:
Systems running NetBSD 1.5 sources dated from before
2002-09-05 should be upgraded from NetBSD 1.5 sources dated
2002-09-05 or later.
The following directories need to be updated from the
netbsd-1-5 CVS branch:
sys/nfs
To update from CVS:
# cd src
# cvs update -d -P -r netbsd-1-5 sys/nfs
Configure, compile, install and boot a new kernel according to
the instructions at:
http://www.netbsd.org/Documentation/kernel/#building_a_kernel
* NetBSD 1.4, 1.4.1, 1.4.2, 1.4.3:
The advisory will be updated with instructions to fix the problem
for 1.5-based systems.
Thanks To
=========
FreeBSD security officers. The advisory text is based on their advisory.
The NetBSD Release Engineering teams, for great patience and
assistance in dealing with repeated security issues discovered
recently.
Revision History
================
2002-09-16 Initial release
More Information
================
An up-to-date PGP signed copy of this release will be maintained at
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.
Copyright 2002, The NetBSD Foundation, Inc. All Rights Reserved.
$NetBSD: NetBSD-SA2002-013.txt,v 1.7 2002/09/16 05:17:55 dan Exp $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBPYVqUD5Ru2/4N2IFAQF7VwP9HAw6DGiJI3TmxGeVR/7fNquzCXI6QtSJ
evofRBhcsSSNGuTYn9R8KVHdn+f7n8fdc2b3huQ6UCLr3epAgRg6eeCDX8O60fpG
DvKUABOJXx1LoUEkGsNGdTizxg3uoD/2GLCvDLhZZiZ4k9srZRRzFT3neyWWdFln
EFbs33wT+40=
=78tO
-----END PGP SIGNATURE-----