Advisories for three serious vulnerabilities in FreeBSD have been published on security.freebsd.org.
Vulnerability in named. When a client requests a DNSSEC record with the CD (Checking Disabled) flag set, the server can cache unverified data. That data can then be sent to another client, even if that client did not set the CD flag.
Vulnerability in ntpd. When ntpd receives a MODE_PRIVATE request (mode 7) or an error-response from a host that is not specified in the restrict ... noquery and restrict ... ignore sections, it writes a corresponding entry to the log file and also sends an error-response in reply.
An attacker could send an error-response with a spoofed sender IP (for example, the IP of the vulnerable ntpd server itself, or of a second ntpd server that is also vulnerable). As a result, the server will endlessly send error-response packets, slowing down the network and consuming CPU time and free disk space, which sooner or later leads to DoS.
All supported FreeBSD branches are vulnerable. Details: FreeBSD-SA-10:02.ntpd
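An added example, not part of the advisory or of this post: a shell function that lists each `restrict` entry in an ntp.conf and reports whether it carries `noquery` or `ignore`, the two flags named above. The function name `audit_restrict`, the `covered`/`not-covered` labels and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: list each `restrict` entry in an ntp.conf and say whether it
# carries noquery or ignore, the two flags named in the text above.
# Exit status is 0 only when a `default` entry exists and every `default`
# entry is covered, i.e. hosts with no entry of their own are covered too.
audit_restrict() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 != "restrict" { next }
        {
            i = 2; label = ""
            if ($i == "-4" || $i == "-6") { label = $i " "; i++ }
            addr = $i; label = label addr; i++
            if ($i == "mask") i += 2            # skip "mask <netmask>"
            covered = 0
            while (i <= NF) {
                if ($i == "noquery" || $i == "ignore") covered = 1
                i++
            }
            print label, (covered ? "covered" : "not-covered")
            if (addr == "default") { seen = 1; if (!covered) bad = 1 }
        }
        END { exit ((seen && !bad) ? 0 : 1) }
    ' "$1"
}

# Constructed sample configuration, not taken from any real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed ntp.conf fragment
server ntp.example.org iburst
restrict default kod nomodify notrap nopeer   # noquery missing
restrict -6 default ignore
restrict 192.0.2.0 mask 255.255.255.0 nomodify noquery
restrict 127.0.0.1
EOF

audit_restrict "$sample" || echo "hosts without their own entry are not covered"
rm -f "$sample"
```

On a real system, point the function at the live configuration, typically `/etc/ntp.conf`.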
Vulnerability in ZFS ZIL. The ZFS Intent Log ("ZIL") is a mechanism for deferring write operations to the hard disk, performing them only in RAM. After a failure (for example, a power failure), the intent log is analyzed and the data lost in the failure is written to the hard disk.
The vulnerability is as follows. If a setattr transaction is not completed because of a power outage or other failure, then when the log is analyzed, mode 07777 is set instead of the access rights specified in the transaction. This may result in privilege escalation or in reading or modifying an arbitrary file.
To eliminate the vulnerabilities, upgrade to the latest version of your branch or apply the patches (for details, see the links above). Of course, if you are not using ZFS and are not running named or ntpd, there is no need to rush the update.