From security-officer@netbsd.org Tue Sep 17 21:46:03 2002 From: NetBSD Security Officer To: full-disclosure@lists.netsys.com Date: Tue, 17 Sep 2002 12:51:18 +1000 Subject: [Full-Disclosure] NetBSD Security Advisory 2002-017: shutdown(s, SHUT_RD) on TCP socket does not work as intended -----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2002-017 ================================= Topic: shutdown(s, SHUT_RD) on TCP socket does not work as intended Version: NetBSD-current: source prior to September 7, 2002 NetBSD 1.6 beta: affected NetBSD-1.5.3: affected NetBSD-1.5.2: affected NetBSD-1.5.1: affected NetBSD-1.5: affected NetBSD-1.4.*: affected Severity: Unexpected kernel memory consumption Fixed: NetBSD-current: September 7, 2002 NetBSD-1.6 branch: September 7, 2002 (1.6 includes the fix) NetBSD-1.5 branch: September 7, 2002 NetBSD-1.4 branch: not yet Abstract ======== shutdown(s, SHUT_RD) is used to indicate that there should be no inbound traffic expected on the socket. There was mistake in TCP with respect to the handling of shutdown'ed socket, leading to unexpected kernel resource consumption and unexpected behavior. Technical Details ================= Some of sbappend() calls from sys/netinet/tcp_input.c did not consult SS_CANTRCVMORE flag on socket properly. http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=18185 Solutions and Workarounds ========================= The recent NetBSD 1.6 release is not vulnerable to this issue. A full upgrade to NetBSD 1.6 is the recommended resolution for all users able to do so. Many security-related improvements have been made, and indeed this release has been delayed several times in order to include fixes for a number of recent issues. The following instructions describe how to upgrade your kernel by updating your source tree and rebuilding and installing a new version of kernel. * NetBSD-current: Systems running NetBSD-current dated from before 2002-09-06 should be upgraded to NetBSD-current dated 2002-09-06 or later. The following directories need to be updated from the netbsd-current CVS branch (aka HEAD): sys/netinet To update from CVS, re-build, re-install kernel and reboot: # cd src # cvs update -d -P sys/netinet Configure, compile, install and boot a new kernel according to the instructions at: http://www.netbsd.org/Documentation/kernel/#building_a_kernel * NetBSD 1.6 beta: Systems running NetBSD 1.6 BETAs and Release Candidates should be upgraded to the NetBSD 1.6 release. If a source-based point upgrade is required, sources from the NetBSD 1.6 branch dated 2002-09-06 or later should be used. The following directories need to be updated from the netbsd-1-6 CVS branch: sys/netinet To update from CVS, re-build, re-install kernel and reboot: # cd src # cvs update -d -P -r netbsd-1-6 sys/netinet Configure, compile, install and boot a new kernel according to the instructions at: http://www.netbsd.org/Documentation/kernel/#building_a_kernel * NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3: Systems running NetBSD 1.5, 1.5.1, 1.5.2, or 1.5.3 sources dated from before 2002-09-06 should be upgraded from NetBSD 1.5.* sources dated 2002-09-06 or later. NetBSD 1.5.4 will be shipped with fixes. The following directories need to be updated from the netbsd-1-5 CVS branch: sys/netinet To update from CVS, re-build, re-install kernel and reboot: # cd src # cvs update -d -P -r netbsd-1-5 sys/netinet Configure, compile, install and boot a new kernel according to the instructions at: http://www.netbsd.org/Documentation/kernel/#building_a_kernel * NetBSD 1.4, 1.4.1, 1.4.2, 1.4.3: The advisory will be updated to include instructions to remedy this problem for systems running the NetBSD-1.4 branch. Thanks To ========= Sean Boudreau The NetBSD Release Engineering teams, for great patience and assistance in dealing with repeated security issues discovered recently. Revision History ================ 2002-09-16 Initial release More Information ================ Advisories may be updated as new information comes to hand. The most recent version of this advisory (PGP signed) can be found at ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-017.txt.asc Information about NetBSD and NetBSD security can be found at http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/. Copyright 2002, The NetBSD Foundation, Inc. All Rights Reserved. $NetBSD: NetBSD-SA2002-017.txt,v 1.9 2002/09/16 05:17:55 dan Exp $ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBPYVqej5Ru2/4N2IFAQFXFQP/TgE2w4hDKtWeccyjBSYEYPji7hgu/IPK gJztYTRBM4xDKyx76QW+MSoFu/ye+Jfkveh6ZmxGKb2oFzGjbKKyKISk1brBaZ+o g6mqsd05AACYukIhkRdNOR84bPr086soGRJQFXaLUKbwcUBNQQ43yY8fDqMdEuBd yk+GJu7hDgQ= =kfaF -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html