NetBSD Security Officer | 8 Jul 2009 06:45

NetBSD Security Advisory 2009-008: OpenSSL ASN1 parsing denial of service and CMS signature verification weakness


		 NetBSD Security Advisory 2009-008
		 =================================

Topic:		OpenSSL ASN1 parsing denial of service and CMS
		signature verification weakness

Version:	NetBSD-current:		affected prior to 2009-03-27
		NetBSD 5.0:		not affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			openssl package prior to 0.9.8k

Severity:	Denial of Service, Forgery of CMS signatures

Fixed:		NetBSD-current:		May 27, 2009
		NetBSD-4 branch:	July 4, 2009 (4.1 will include the fix)
		NetBSD-4-0 branch:	July 4, 2009 (4.0.2 will include the fix)
		pkgsrc 2009Q1:		openssl-0.9.8k corrects this issue

Please note that NetBSD releases prior to 4.0, as well as the pre-release
versions of NetBSD 5.0, are no longer supported. It is recommended that
all users upgrade to a supported release.

Abstract
========

A handling error in the ASN1 parser functions can cause an
application linked against libcrypto to crash. Another
vulnerability in the CMS signature verification algorithm

NetBSD Security Officer | 8 Jul 2009 06:46

NetBSD Security Advisory 2009-009: OpenSSL DTLS Memory Exhaustion and DSA signature verification vulnerabilities


		 NetBSD Security Advisory 2009-009
		 =================================

Topic:		OpenSSL DTLS Memory Exhaustion and DSA signature
		verification vulnerabilities

Version:	NetBSD-current:		affected prior to 2009-07-04
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			openssl package prior to 0.9.8j

Severity:	Denial of Service, DSA signature spoofing

Fixed:		NetBSD-current:		July 4, 2009
		NetBSD-5-0 branch:	July 4, 2009 (NetBSD 5.0.1 will include the fix)
		NetBSD-5 branch:	July 4, 2009 (NetBSD 5.1 will include the fix)
		NetBSD-4-0 branch:	July 4, 2009 (NetBSD 4.0.2 will include the fix)
		NetBSD-4 branch:	July 4, 2009 (NetBSD 4.1 will include the fix)
		pkgsrc 2009Q1:		openssl-0.9.8j corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

Two range check errors in the DTLS code allow a remote attacker
to exhaust memory by executing too many out of sequence handshakes

NetBSD Security Officer | 14 Jul 2009 23:31

NetBSD Security Advisory 2009-010: ISC dhclient subnet-mask flag stack overflow


		 NetBSD Security Advisory 2009-010
		 =================================

Topic:		ISC dhclient subnet-mask flag stack overflow

Version:	NetBSD-current:		affected before June 24, 2009
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			isc-dhclient package prior to
					4.1.0p1, 4.0.1p1, or 3.1.2p1

Severity:	Arbitrary Code Execution

Fixed:		NetBSD-current:		June 24, 2009
		NetBSD-5-0 branch:	July 14, 2009 20:00 UTC
		NetBSD-5 branch:	July 14, 2009 20:00 UTC
		NetBSD-4-0 branch:	July 14, 2009 20:00 UTC
		NetBSD-4 branch:	July 14, 2009 20:00 UTC
		pkgsrc 2009Q2:		isc-dhclient-4.1.0p1, 4.0.1p1 and
					3.1.2p1 correct the issue

Abstract
========

A stack overflow vulnerability in ISC dhclient allows an attacker
operating a rogue DHCP server to execute arbitrary code with root
privileges on the affected system by supplying a specially crafted
subnet-mask parameter.

Taylor R Campbell | 17 Jul 2009 22:39

Re: NetBSD Security Advisory 2009-009: OpenSSL DTLS Memory Exhaustion and DSA signature verification vulnerabilities

I learned the hard way when following these instructions *not* to
additionally update src/lib/libcrypto, which, in combination with the
installation of the freshly built libraries, rendered su(1) broken.
Fortunately I found a root shell prompt among my screens, so I was
able to diagnose and work around the problem.

The problem was that updating src/lib/libcrypto brought in Joerg
Sonnenberger's change to make libcrypto use libc's new SHA-224
implementation -- but since I had not also installed a new libc,
loading any object linked against libcrypto would fail.

This makes me wonder, though: how sensitive are the security advisory
instructions to changes in the CVS tree?  If this vulnerability had
required a change in src/lib/libcrypto, and the instructions said to
update src/lib/libcrypto, would that have stopped Joerg Sonnenberger
from making libcrypto use libc's new SHA-224 implementation?  Is it
recommended instead just to update the entire tree whenever these
things come out, rather than parts of the tree incrementally?

Tonnerre LOMBARD | 18 Jul 2009 16:36

Re: NetBSD Security Advisory 2009-009: OpenSSL DTLS Memory Exhaustion and DSA signature verification vulnerabilities

Salut,

On Fri, Jul 17, 2009 at 04:39:13PM -0400, Taylor R Campbell wrote:
> The problem was that updating src/lib/libcrypto brought in Joerg
> Sonnenberger's change to make libcrypto use libc's new SHA-224
> implementation -- but since I had not also installed a new libc,
> loading any object linked against libcrypto would fail.

I guess so, but I don't think we can guarantee that the instructions
of an advisory won't "go bad" due to a separate advisory (which will
be issued soon, by the way).

I think the binary updates I was working on would solve this problem,
but due to too many demands on various sides ("You must send full file
replacements", "You must use PGP, not SSL") I had to put this project
in the fridge until I have time to take care of them all.

				Tonnerre

NetBSD Security Officer | 28 Jul 2009 23:51

NetBSD Security Advisory 2009-011: ISC DHCP server Denial of Service vulnerability


		 NetBSD Security Advisory 2009-011
		 =================================

Topic:		ISC DHCP server Denial of Service vulnerability

Version:	NetBSD-current:		affected prior to 2009-07-16
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			isc-dhcpd package prior to 3.1.1p1

Severity:	Denial of Service

Fixed:		NetBSD-current:		Jul 16, 2009
		NetBSD-5-0 branch:	Jul 17, 2009
		NetBSD-5 branch:	Jul 17, 2009
		NetBSD-4-0 branch:	Jul 17, 2009
		NetBSD-4 branch:	Jul 17, 2009
		pkgsrc 2009Q2:		isc-dhcpd-3.1.1p1 corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

A reference counting error in dhcpd allows a remote attacker to cause
a daemon crash by submitting requests with the same client ID on
different interfaces served by the same daemon.

NetBSD Security Officer | 28 Jul 2009 23:52

NetBSD Security Advisory 2009-012: SHA2 implementation potential buffer overflow


		 NetBSD Security Advisory 2009-012
		 =================================

Topic:		SHA2 implementation potential buffer overflow

Version:	NetBSD-current:		affected prior to 2009-05-26
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected

Severity:	Denial of Service

Fixed:		NetBSD-current:		May 26, 2009
		NetBSD-5-0 branch:	Jul 11, 2009
		NetBSD-5 branch:	Jul 11, 2009
		NetBSD-4-0 branch:	Jul 22, 2009
		NetBSD-4 branch:	Jul 22, 2009

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

An error initializing a SHA2 context causes vulnerable applications using
libcrypto to suffer from a 4- or 8-byte buffer overflow (for SHA256 and
SHA512 correspondingly) with fixed content, potentially causing
applications to crash.


NetBSD Security Officer | 29 Jul 2009 09:30

NetBSD Security Advisory 2009-013: BIND named dynamic update Denial of Service vulnerability


		 NetBSD Security Advisory 2009-013
		 =================================

Topic:		BIND named dynamic update Denial of Service vulnerability

Version:	NetBSD-current:		affected prior to 2009-07-29
		NetBSD 5.0:		affected
		NetBSD 4.0.*:		affected
		NetBSD 4.0:		affected
		pkgsrc:			bind package prior to 9.5.1pl3 and 9.6.1pl1

Severity:	Denial of Service

Fixed:		NetBSD-current:		July 28, 2009 21:13 UTC
		NetBSD-5-0 branch:	July 28, 2009 22:26 UTC
		NetBSD-5 branch:	July 28, 2009 22:26 UTC
		NetBSD-4-0 branch:	July 28, 2009 22:19 UTC
		NetBSD-4 branch:	July 28, 2009 22:19 UTC
		pkgsrc 2009Q2:		bind-9.5.1pl3 and bind-9.6.1pl1 correct this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

An assertion failure in the Berkeley Internet Name Domain server
software shipped in NetBSD can be used by a remote attacker to
cause the server process to crash by sending specially crafted

Darren Reed | 30 Jul 2009 07:49

sshd_config and pam...

I don't know if this is known or not, but it appears that enabling PAM
in your sshd_config file makes entries such as "PasswordAuthentication"
meaningless. With PAM enabled, I was able to log in with ssh using a
password even with the aforementioned setting at "no".

Is it worthwhile adding some sort of warning to sshd that spits out a
message of some sort about this if UsePAM is set to yes and there
are other authentication-driven directives present and not commented
out?

Darren

Soren Jacobsen | 30 Jul 2009 08:07

Re: sshd_config and pam...

On Jul 29, 2009, at 10:49 PM, Darren Reed wrote:

> I don't know if this is known or not

http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=32313
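
A configuration check along the lines of the warning proposed in this thread, as an added example that is not part of the thread, the PR, or sshd itself. It assumes (the thread does not say this) that the password login arrives through keyboard-interactive authentication, which ChallengeResponseAuthentication controls and which defaults to yes; the function names and sample configurations are constructed for illustration.

```python
# Added example: flag an sshd_config where "PasswordAuthentication no" is
# undermined by "UsePAM yes". Not code from OpenSSH or NetBSD.

# Stock OpenSSH defaults used when a keyword is absent (assumption: the
# system's shipped sshd_config does not change them elsewhere).
DEFAULTS = {
    "usepam": "no",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}

def parse_global(text):
    """Return the first-seen value per lowercase keyword in the global section."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if parts[0].lower() == "match":
            break   # Match blocks are per-connection overrides, not evaluated here
        if len(parts) == 2:
            # sshd uses the first value it obtains for each keyword
            seen.setdefault(parts[0].lower(), parts[1].strip().strip('"').lower())
    return seen

def audit(text):
    """Return findings for the UsePAM / PasswordAuthentication mismatch."""
    cfg = parse_global(text)

    def get(key):
        return cfg.get(key, DEFAULTS.get(key, "no"))

    # Newer OpenSSH spells the directive KbdInteractiveAuthentication;
    # conservatively treat either keyword set to yes as enabling the method.
    kbdint = (get("challengeresponseauthentication") == "yes"
              or cfg.get("kbdinteractiveauthentication") == "yes")
    findings = []
    if get("usepam") == "yes" and get("passwordauthentication") == "no" and kbdint:
        findings.append("PasswordAuthentication is 'no', but UsePAM is 'yes' and "
                        "keyboard-interactive is enabled: PAM can still accept a password")
    return findings

# Constructed sample configurations.
WEAK = "UsePAM yes\nPasswordAuthentication no\n"
HARDENED = WEAK + "ChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```
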

