From owner-announce-jp@jp.FreeBSD.org Fri Aug  9 14:32:14 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g795WEe47437;
	Fri, 9 Aug 2002 14:32:14 +0900 (JST)
	(envelope-from owner-announce-jp@jp.FreeBSD.org)
Message-Id: <20020809.135108.95064669.hrs@eos.ocn.ne.jp>
To: announce-jp@jp.FreeBSD.org
From: Hiroki Sato <hrs@eos.ocn.ne.jp>
In-Reply-To: <200208052351.g75Np6cY097801@freefall.freebsd.org>
References: <200208052351.g75Np6cY097801@freefall.freebsd.org>
X-Mailer: Mew version 2.2 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
X-ML-maintainer: owner-announce-jp@jp.FreeBSD.org
Precedence: list
Date: Fri, 09 Aug 2002 13:51:08 +0900
X-Sequence: announce-jp 1032
Subject: Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:36.nfs
Errors-To: owner-announce-jp@jp.FreeBSD.org
Sender: owner-announce-jp@jp.FreeBSD.org
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020808


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-02:36.nfs (2002-08-05)
 * Bug in NFS server code allows remote denial of service
=============================================================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:36.nfs
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
  Date: Mon, 5 Aug 2002 16:51:06 -0700 (PDT)
  Message-Id: <200208052351.g75Np6cY097801@freefall.freebsd.org>
  X-Sequence: announce-jp 1028

 $B$rF|K\8lLu$7$?$b$N$G$9!#(B

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,!"$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s!#(B
 $B=$@5%Q%C%AEy$NFbMF$,2~$6$s$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O!"86J8$r;2>H$7$F$/$@$5$$!#(B

 $BF|K\8lLu$*$h$S%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O!"J8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$!#(B


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-02:36.nfs                                        Security Advisory
                                                          The FreeBSD Project

$B%H%T%C%/(B:       $B%j%b!<%H$+$i%5!<%S%9K832967b2DG=$J(B NFS $B%5!<%P%3!<%I$N%P%0(B
                (Bug in NFS server code allows remote denial of service)

$BJ,N`(B:           core
$B%b%8%e!<%k(B:     nfs
$B9pCNF|(B:         2002-08-05
$B%/%l%8%C%H(B:     Mike Junk <junk@isilon.com>
$B1F6AHO0O(B:       4.6.1-RELEASE-p7 $B$h$jA0$N$9$Y$F$N(B FreeBSD $B%j%j!<%9(B
                $B=$@5F|$h$jA0$N(B 4.6-STABLE
$B=$@5F|(B:         2002-07-19 17:19:53 UTC (RELENG_4)
                2002-08-01 19:31:55 UTC (RELENG_4_6)
                2002-08-01 19:31:54 UTC (RELENG_4_5)
                2002-08-01 19:31:54 UTC (RELENG_4_4)
FreeBSD $B$K8GM-$+(B:       NO


I.   $BGX7J(B - Background

Network File System (NFS) $B$O!"$"$k%[%9%H$N%U%!%$%k%7%9%F%`$N0lIt!"(B
$B$"$k$$$OA4It$r30It$K8x3+$7!"B>$N%[%9%H$+$i%M%C%H%o!<%/7PM3$G(B
$B%m!<%+%k%G%#%9%/$N>l9g$HF1$8$h$&$J%^%&%s%HA`:n$d%"%/%;%9$r2DG=$K(B
$B$9$k$b$N$G$9!#(BNFS $B$O(B Sun Remote Procedure Call (RPC)
$B%U%l!<%`%o!<%/$rMxMQ$7$F$$$^$9!#(B


II.  $BLdBj$N>\:Y(B - Problem Description

NFS $B%5!<%P$N%3!<%I$K4^$^$l$k!"E~Ce$7$?(B RPC $B%a%C%;!<%8$N=hM}$r(B
$B9T$J$&ItJ,$K$O!"(B0 $B%P%$%H$N%Z%$%m!<%I$r;}$D%a%C%;!<%8$r(B
$B%5!<%P$,<u$1$H$C$?;~$K!"$=$NA0$K<u$1$H$C$?%a%C%;!<%8$N(B
$B%Z%$%m!<%I$r;2>H$7$F$7$^$$!"$=$N7k2L%a%C%;!<%8%A%'!<%s$K%k!<%W$,(B
$B7A@.$5$l$F$7$^$&$H$$$&8m$j$,4^$^$l$F$$$^$9!#$3$l$O(B NFS $B%5!<%P$N(B
$BB>$NItJ,$K$"$k!"%a%C%;!<%8%A%'!<%s$r$?$I$k=hM}$r9T$J$&%3!<%I$G(B
$BL58B%k!<%W$r0z$-5/$3$7$^$9!#(B


III. $B1F6AHO0O(B - Impact

Linux $B$N(B NFS $B<BAu$N0lIt$K$O!"$"$k>r7o2<$G%G!<%?%5%$%:$,(B 0 $B$N(B
RPC $B%a%C%;!<%8$r@8@.$9$k$b$N$,$"$j$^$9!#(BNFS $B%5!<%P$H$7$FF0:n$7$F$$$k(B
FreeBSD $B%7%9%F%`$O!"$=$N$h$&$J%/%i%$%"%s%H$,@\B3$7$?>l9g$K(B
$BL58B%k!<%W$K4Y$C$F$7$^$&2DG=@-$,$"$j$^$9!#(B

$B<eE@$r;}$D(B FreeBSD $B%7%9%F%`$K(B RPC $B%a%C%;!<%8$rAw$k$3$H$,(B
$B$G$-$k967b<T$O!"%7%9%F%`$rL58B%k!<%W$K4Y$i$;$k$h$&$J0-0U$r;}$C$?(B
RPC $B%a%C%;!<%8$r:n@.$9$k$3$H$,2DG=$G$9!#(B


IV.  $B2sHrJ}K!(B - Workaround

($BLuCm(B: $B<!$N$$$:$l$+0l$D$K=>$C$F$/$@$5$$!#(B)

1) NFS $B%5!<%P$rL58z$K$7$^$9!#(B/etc/rc.conf $B$G(B nfs_server_enable $BJQ?t$r(B
   "NO" $B$K@_Dj$7!"%7%9%F%`$r:F5/F0$7$F$/$@$5$$!#(B

   $B$^$?!"$b$7@\B3Cf$N(B NFS $B%/%i%$%"%s%H(B (showmount(8) $B%f!<%F%#%j%F%#$G(B
   $BI=<($5$l$^$9(B) $B$,0l$D$b$J$$>l9g$K$O!"C1$K(B mountd $B$H(B nfsd $B$N%W%m%;%9$r(B
   kill $B$9$k$@$1$G==J,$G$9!#(B

2) $B?.MQ$G$-$J$$%[%9%H$+$i(B NFS $B%5!<%P$KAw$i$l$k(B RPC $B%H%i%U%#%C%/$r<WCG$9$k(B
   $B$h$&$J%U%!%$%"%&%)!<%k%k!<%k$r@_Dj$7$^$9!#(B


V.   $B2r7h:v(B - Solution

$B<!$N=$@5%Q%C%A$O!"(BFreeBSD 4.4, 4.5, 4.6 $B%7%9%F%`$KE,MQ$G$-$k$3$H$,(B
$B3NG'$5$l$F$$$k$b$N$G$9!#(B

a) $B0J2<$N>l=j$+$i=$@5%Q%C%A$r%@%&%s%m!<%I$7!"(BPGP $B%f!<%F%#%j%F%#$r;H$C$F(B
   PGP $B=pL>$r3NG'$7$^$9!#(B

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:36/nfs.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:36/nfs.patch.asc

b) $B=$@5%Q%C%A$rE,MQ$7$^$9!#(B

# cd /usr/src
# patch < /path/to/patch

 ($BLuCm(B: /path/to/patch $B$NItJ,$O=$@5%Q%C%A$N%Q%9L>$KCV$-49$($F$/$@$5$$(B)

c) <URL:http://www.freebsd.org/handbook/kernelconfig.html> $B$K=q$+$l$F$$$k(B
   $B<j=g$K$7$?$,$C$F%+!<%M%k$r:F9=C[$7!"%7%9%F%`$r:F5/F0$7$^$9!#(B


VI.  $B=$@5$N>\:Y(B - Correction details

FreeBSD $B$K$*$$$F:#2s=$@5$5$l$?3F%U%!%$%k$N%j%S%8%g%sHV9f$O!"0J2<$N$H$*$j$G$9!#(B

$B%Q%9L>(B                                                          $B%j%S%8%g%s(B
  $B%V%i%s%A(B
- -------------------------------------------------------------------------
src/sys/nfs/nfs_socket.c
  RELENG_4                                                       1.60.2.5
  RELENG_4_6                                                 1.60.2.3.2.1
  RELENG_4_5                                                 1.60.2.1.6.1
  RELENG_4_4                                                 1.60.2.3.4.1
- -------------------------------------------------------------------------


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9!#2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9!#(B

$B$?$@$7K]Lu<T$*$h$S(B doc-jp $B$O!"$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$!#F|K\8lLu$K$D$$$F$N$40U8+!"$4MWK>!"(B
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9!#(B

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9!#(B
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a!"$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9!#(B

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O!"(B
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K!"(B
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K!"(B
$B$=$l$>$lCV$-49$($F$/$@$5$$!#(B

$BB>$NCO0h$r4^$`%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9!#(B
