From owner-announce-jp@jp.FreeBSD.org Thu Aug 22 08:20:51 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g7LNKpv37291;
	Thu, 22 Aug 2002 08:20:51 +0900 (JST)
	(envelope-from owner-announce-jp@jp.FreeBSD.org)
Message-Id: <20020822.072158.95972785.hrs@eos.ocn.ne.jp>
To: announce-jp@jp.FreeBSD.org
From: Hiroki Sato <hrs@eos.ocn.ne.jp>
In-Reply-To: <200208191256.g7JCuNpx018789@freefall.freebsd.org>
References: <200208191256.g7JCuNpx018789@freefall.freebsd.org>
X-Mailer: Mew version 2.2 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
X-ML-maintainer: owner-announce-jp@jp.FreeBSD.org
Precedence: list
Date: Thu, 22 Aug 2002 07:21:58 +0900
X-Sequence: announce-jp 1041
Subject: Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:38.signed-error
Errors-To: owner-announce-jp@jp.FreeBSD.org
Sender: owner-announce-jp@jp.FreeBSD.org
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020820


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-02:38.signed-error (2002-08-19)
 * Boundary checking errors involving signed integers
=============================================================================

 This mail is a Japanese translation of the following message
 distributed on announce-jp:

  Subject: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:38.signed-error
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
  Date: Mon, 19 Aug 2002 05:56:23 -0700 (PDT)
  Message-Id: <200208191256.g7JCuNAd018797@freefall.freebsd.org>
  X-Sequence: announce-jp 1037

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,!"$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s!#(B
 $B=$@5%Q%C%AEy$NFbMF$,2~$6$s$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O!"86J8$r;2>H$7$F$/$@$5$$!#(B

 $BF|K\8lLu$*$h$S%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O!"J8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$!#(B


                                     [Translator: Hiroki Sato <hrs@jp.FreeBSD.org>]
--(translation begins here)
=============================================================================
FreeBSD-SA-02:38.signed-error                               Security Advisory
                                                          The FreeBSD Project

$B%H%T%C%/(B:	$BId9fIU$-@0?t$K5/0x$9$k6-3&%A%'%C%/$N%(%i!<LdBj(B
                (Boundary checking errors involving signed integers)

$BJ,N`(B:		core
$B%b%8%e!<%k(B:	sys
$B9pCNF|(B:		2002-08-19
$B%/%l%8%C%H(B:	Silvio Cesare <silvio@qualys.com>
$B1F6AHO0O(B:	4.6.1-RELEASE-p10 $B$*$h$S!"$=$l0JA0$N$9$Y$F$N(B FreeBSD $B%j%j!<%9(B
$B=$@5F|(B:		2002-08-13 02:42:32 UTC (RELENG_4)
                2002-08-13 12:12:36 UTC (RELENG_4_6)
                2002-08-13 12:13:05 UTC (RELENG_4_5)
                2002-08-13 12:13:49 UTC (RELENG_4_4)
FreeBSD $B$K8GM-$+(B:	YES


I.   $BGX7J(B - Background

$B$3$N4+9p$G2r@b$7$F$$$kLdBj$O!"(Baccept(2), getsockname(2),
getpeername(2) $B$N3F%7%9%F%`%3!<%k$*$h$S!"(Bvesa(4) $B$N(B
FBIO_GETPALETTE ioctl(2) $B$KB8:_$9$k$b$N$G$9!#(B


II.  $BLdBj$N>\:Y(B - Problem Description

$B$$$/$D$+$N%7%9%F%`%3!<%k$O!"8F$S=P$7;~$N0z?t$,>o$K@5$N@0?tCM$G$"$k$3$H$r(B
$BA[Dj$7$F$$$k$K$b$+$+$o$i$:!"<B:]$K$O0z?t$rId9fIU$-@0?t7?$G=hM}$7$F$$$^$9!#(B
$B$3$N$3$H$O!"0z?t$KIi$N@0?tCM$rM?$($F$=$N%7%9%F%`%3!<%k$r8F$S=P$7$?>l9g$K!"(B
$B%7%9%F%`%3!<%kCf$N6-3&%A%'%C%/%3!<%I$,8mF0:n$9$k860x$H$J$k4m81@-$,$"$j$^$9!#(B


III. $B1F6AHO0O(B - Impact

$BLdBj$N$"$k%7%9%F%`%3!<%k$r@dBPCM$NBg$-$$Ii$NCM$r0z?t$K$7$F8F$S=P$9$3$H$G!"(B
$B%+!<%M%k$,%+!<%M%k%a%b%j$NBg$-$JItJ,$rJV$7$F$7$^$&2DG=@-$,$"$j$^$9!#(B
$B%+!<%M%k%a%b%j$K$O!"%U%!%$%k$N%-%c%C%7%e$dC<Kv%P%C%U%!$J$I$N(B
$B%;%-%e%j%F%#>e=EMW$J>pJs$N0lIt$,4^$^$l$F$$$k2DG=@-$,$"$j!"(B
$B$3$l$i$N>pJs$rD>@\0-MQ$7$?$j!"$5$i$K9b$$8"8B$rF@$k$?$a$K(B
$B2?$i$+$N7A$GMxMQ$G$-$k$+$bCN$l$^$;$s!#$?$H$($P!"C<Kv%P%C%U%!$K$O(B
$B%f!<%6$,F~NO$7$?%Q%9%o!<%I$,4^$^$l$F$$$k2DG=@-$,$"$j$^$9!#(B
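
The flawed check described in sections II and III, reduced to a user-space C sketch beside a corrected form. This is an added example, not code from the FreeBSD source tree or from the advisory's patch; NAME_MAX_LEN, clamp_len_signed() and clamp_len_checked() are hypothetical names, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical size of the kernel-side object being copied out. */
#define NAME_MAX_LEN 16

/*
 * Flawed pattern: the caller-supplied length stays a signed int, so a
 * negative value passes the upper-bound check and only turns into a huge
 * count when it is converted to size_t for the copy routine.
 * Returns the byte count the copy routine would be handed.
 */
size_t clamp_len_signed(int user_len)
{
    int len = user_len;

    if (len > NAME_MAX_LEN)     /* signed compare: -1 > 16 is false */
        len = NAME_MAX_LEN;
    return (size_t)len;         /* -1 converts to SIZE_MAX */
}

/*
 * Corrected pattern: reject negative lengths first, then clamp as an
 * unsigned quantity. Returns 0 and stores the count, or -1 on bad input.
 */
int clamp_len_checked(int user_len, size_t *out)
{
    size_t len;

    if (user_len < 0)
        return -1;
    len = (size_t)user_len;
    if (len > NAME_MAX_LEN)
        len = NAME_MAX_LEN;
    *out = len;
    return 0;
}

int main(void)
{
    int samples[] = { 8, 100, -1 };   /* constructed inputs */
    size_t n;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = clamp_len_checked(samples[i], &n);
        printf("len=%4d  signed check -> %zu bytes, checked -> %s\n",
               samples[i], clamp_len_signed(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```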


IV.  $B2sHrJ}K!(B - Workaround

$B2sHrJ}K!$O8+$D$+$C$F$$$^$;$s!#(B


V.   $B2r7h:v(B - Solution

1) $B<eE@$r;}$C$?(B FreeBSD $B%7%9%F%`$r(B 4.6.2-RELEASE$B!"$b$7$/$O(B
   $B:G?7$N(B 4.6-STABLE $B$K%"%C%W%0%l!<%I$9$k!#(B
   $B$"$k$$$O!"=$@5F|0J9_$N(B RELENG_4_6 (4.6.1-RELEASE-p11)$B!"(B
   RELENG_4_5 (4.5-RELEASE-p19)$B!"(BRELENG_4_4 (4.4-RELEASE-p26)
   $B%;%-%e%j%F%#%V%i%s%A$N$$$:$l$+$K%"%C%W%0%l!<%I$9$k!#(B

2) $B8=:_$N%7%9%F%`$K=$@5%Q%C%A$rE,MQ$9$k!#(B

a) $B0J2<$N>l=j$+$i=$@5%Q%C%A$r%@%&%s%m!<%I$7!"(BPGP $B%f!<%F%#%j%F%#$r;H$C$F(B
   PGP $B=pL>$r3NG'$7$^$9!#$3$N=$@5%Q%C%A$O!"(BFreeBSD 4.x $B%j%j!<%9$9$Y$F$K(B
   $BE,MQ$G$-$k$3$H$,3NG'$5$l$F$$$k$b$N$G$9!#(B

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:38/signed-error.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:38/signed-error.patch.asc

b) $B=$@5%Q%C%A$rE,MQ$7$^$9!#(B

# cd /usr/src
# patch < /path/to/patch

 ($BLuCm(B: /path/to/patch $B$NItJ,$O=$@5%Q%C%A$N%Q%9L>$KCV$-49$($F$/$@$5$$(B)

c) <URL:http://www.freebsd.org/handbook/kernelconfig.html> $B$K=q$+$l$F$$$k(B
   $B<j=g$K$7$?$,$C$F%+!<%M%k$r:F9=C[$7!"%7%9%F%`$r:F5/F0$7$^$9!#(B


VI.  $B=$@5$N>\:Y(B - Correction details

FreeBSD $B$K$*$$$F:#2s=$@5$5$l$?3F%U%!%$%k$N%j%S%8%g%sHV9f$O!"0J2<$N$H$*$j$G$9!#(B

$B%Q%9L>(B                                                          $B%j%S%8%g%s(B
  $B%V%i%s%A(B
- -------------------------------------------------------------------------
src/sys/i386/isa/vesa.c
  RELENG_4                                                       1.32.2.1
  RELENG_4_6                                                    1.32.10.1
  RELENG_4_5                                                     1.32.8.1
  RELENG_4_4                                                     1.32.6.1
src/sys/kern/uipc_syscalls.c
  RELENG_4                                                      1.65.2.12
  RELENG_4_6                                                 1.65.2.9.6.1
  RELENG_4_5                                                 1.65.2.9.4.1
  RELENG_4_4                                                 1.65.2.9.2.1
src/sys/conf/newvers.sh
  RELENG_4_6                                               1.44.2.23.2.16
  RELENG_4_5                                               1.44.2.20.2.20
  RELENG_4_4                                               1.44.2.17.2.25
---------------------------------------------------------------------------


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9!#2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9!#(B

$B$?$@$7K]Lu<T$*$h$S(B doc-jp $B$O!"$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$!#F|K\8lLu$K$D$$$F$N$40U8+!"$4MWK>!"(B
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9!#(B

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9!#(B
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a!"$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9!#(B

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O!"(B
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K!"(B
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K!"(B
$B$=$l$>$lCV$-49$($F$/$@$5$$!#(B

$BB>$NCO0h$r4^$`%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9!#(B
