From owner-doc-jp-work@jp.FreeBSD.org Fri Nov 19 00:37:08 2004
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id iAIFb8N48193;
	Fri, 19 Nov 2004 00:37:08 +0900 (JST)
	(envelope-from owner-doc-jp-work@jp.FreeBSD.org)
Received: from smtp.eos.ocn.ne.jp (eos.ocn.ne.jp [222.146.51.150])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id iAIFb6848188
	for <doc-jp-work@jp.FreeBSD.org>; Fri, 19 Nov 2004 00:37:07 +0900 (JST)
	(envelope-from hrs@FreeBSD.org)
Received: from delta.allbsd.org (p47094-adsao12honb4-acca.tokyo.ocn.ne.jp [220.96.129.94])
	by smtp.eos.ocn.ne.jp (Postfix) with ESMTP id 85D371C9C
	for <doc-jp-work@jp.FreeBSD.org>; Fri, 19 Nov 2004 00:37:00 +0900 (JST)
Received: from localhost (alph.allbsd.org [192.168.0.10])
	by delta.allbsd.org (8.12.9p2/8.12.9) with ESMTP id iAIFafnP005174
	for <doc-jp-work@jp.FreeBSD.org>; Fri, 19 Nov 2004 00:36:42 +0900 (JST)
	(envelope-from hrs@FreeBSD.org)
Message-Id: <20041119.003555.59719952.hrs@eos.ocn.ne.jp>
To: doc-jp-work@jp.FreeBSD.org
From: Hiroki Sato <hrs@FreeBSD.org>
In-Reply-To: <20041118122253.253E5B876@dwp.des.no>
References: <20041118122253.253E5B876@dwp.des.no>
X-PGPkey-fingerprint: BDB3 443F A5DD B3D0 A530  FFD7 4F2C D3D8 2793 CF2D
X-Mailer: Mew version 4.1.50 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Multipart/Signed; protocol="application/pgp-signature";
 micalg=pgp-sha1;
 boundary="--Security_Multipart0(Fri_Nov_19_00_35_55_2004_300)--"
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp-work@jp.FreeBSD.org
Precedence: list
Date: Fri, 19 Nov 2004 00:35:55 +0900
X-Sequence: doc-jp-work 991
Subject: [doc-jp-work 991] Re: [FreeBSD-Announce] FreeBSD Security Advisory
 FreeBSD-SA-04:16.fetch
Sender: owner-doc-jp-work@jp.FreeBSD.org
X-Originator: hrs@FreeBSD.org
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+041115

----Security_Multipart0(Fri_Nov_19_00_35_55_2004_300)--
Content-Type: Multipart/Mixed;
 boundary="--Next_Part(Fri_Nov_19_00_35_55_2004_272)--"
Content-Transfer-Encoding: 7bit

----Next_Part(Fri_Nov_19_00_35_55_2004_272)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 04:16 $B$G$9!#(B

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B

----Next_Part(Fri_Nov_19_00_35_55_2004_272)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="04:16"


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-04:16.fetch (2004-11-18)
 * Overflow error in fetch
=============================================================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-04:16.fetch
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Thu, 18 Nov 2004 13:22:53 +0100 (CET)
  Message-Id: <20041118122253.253E5B876@dwp.des.no>
  X-Sequence: announce-jp xxx

 $B$rF|K\8lLu$7$?$b$N$G$9!#(B

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,!"$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s!#(B
 $B=$@5%Q%C%AEy$NFbMF$,2~$6$s$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r$*$3$J$&$K$O!"86J8$r;2>H$7$F$/$@$5$$!#(B

 $BF|K\8lLu$*$h$S%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O!"J8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$!#(B


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-04:16.fetch                                      Security Advisory
                                                          The FreeBSD Project

$B%H%T%C%/(B:	fetch $B%f!<%F%#%j%F%#$K$*$1$k%*!<%P%U%m!<LdBj(B
		(Overflow error in fetch)

$BJ,N`(B:		core
$B%b%8%e!<%k(B:	fetch
$B9pCNF|(B:		2004-11-18
$B%/%l%8%C%H(B:	Colin Percival
$B1F6AHO0O(B:	$B$9$Y$F$N%P!<%8%g%s$N(B FreeBSD
$B=$@5F|(B:		2004-11-18 12:02:13 UTC (RELENG_5, 5.3-STABLE)
                2004-11-18 12:03:05 UTC (RELENG_5_3, 5.3-RELEASE-p1)
                2004-11-18 12:04:29 UTC (RELENG_5_2, 5.2.1-RELEASE-p12)
                2004-11-18 12:05:36 UTC (RELENG_5_1, 5.1-RELEASE-p18)
                2004-11-18 12:05:50 UTC (RELENG_5_0, 5.0-RELEASE-p22)
                2004-11-18 12:02:29 UTC (RELENG_4, 4.10-STABLE)
                2004-11-18 12:06:06 UTC (RELENG_4_10, 4.10-RELEASE-p4)
                2004-11-18 12:06:22 UTC (RELENG_4_9, 4.9-RELEASE-p13)
                2004-11-18 12:06:36 UTC (RELENG_4_8, 4.8-RELEASE-p26)
                2004-11-18 12:06:52 UTC (RELENG_4_7, 4.7-RELEASE-p28)
FreeBSD $B$K8GM-$+(B:	YES

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.

$B>e5-$N9`L\$d%;%-%e%j%F%#%V%i%s%A!"0J2<$N3F@a$D$$$F$N@bL@$J$I!"(B
FreeBSD $B%;%-%e%j%F%#4+9p$K$D$$$F$N0lHLE*$J>pJs$O!"(B
<URL:http://www.freebsd.org/security/> $B$r$4Mw$/$@$5$$!#(B


I.   $BGX7J(B - Background

The fetch(1) utility is a tool for fetching files via FTP, HTTP, and HTTPS.

fetch(1) $B%f!<%F%#%j%F%#$O!"(BFTP, HTTP, HTTPS $B7PM3$G%U%!%$%k$r<hF@$9$k$?$a$N(B
$B%D!<%k$N$R$H$D$G$9!#(B


II.  $BLdBj$N>\:Y(B - Problem Description

An integer overflow condition in the processing of HTTP headers can result
in a buffer overflow.

HTTP $B%X%C%@$N=hM}Cf$K!"@0?t%G!<%?$N1i;;$G7e$"$U$l$,H/@8$9$k>l9g$,$"$j$^$9!#(B
$B$3$N7e$"$U$l$O!"%P%C%U%!%*!<%P%U%m!<$N860x$K$J$j$^$9!#(B


III. $B1F6AHO0O(B - Impact

A malicious server or CGI script can respond to an HTTP or HTTPS request in
such a manner as to cause arbitrary portions of the client's memory to be
overwritten, allowing for arbitrary code execution.

$B%5!<%P$d(B CGI $B%9%/%j%W%H$rMxMQ$9$k$3$H$G!"%/%i%$%"%s%H$+$i$N(B HTTP $BMW5a$d(B
HTTPS $BMW5a$KBP$7$F%P%C%U%!%*!<%P%U%m!<$rM6H/$9$k$h$&$J1~Ez$rJV$9$3$H$,(B
$B2DG=$G$9!#$3$N$h$&$JA`:n$K$h$j%/%i%$%"%s%H$N%a%b%j$N0lIt$r>e=q$-$7!"(B
$B%/%i%$%"%s%H>e$GG$0U$N%3!<%I$r<B9T$G$-$k2DG=@-$,$"$j$^$9!#(B


IV.  $B2sHrJ}K!(B - Workaround

There is no known workaround for the affected application, although
the ftp(1) application in the FreeBSD base system, and several 
applications in the FreeBSD Ports collection provide similar 
functionality and could be used in place of fetch(1).

$BLdBj$r4^$s$@(B fetch(1) $B$K$*$1$k2sHrJ}K!$OH/8+$5$l$F$$$^$;$s$,!"(B
FreeBSD $B%Y!<%9%7%9%F%`$K4^$^$l$k(B ftp(1)$B!"$"$k$$$O(B
FreeBSD Ports Collection $B$K4^$^$l$kN`;w$N5!G=$rDs6!$9$k(B
$B%"%W%j%1!<%7%g%s$N$$$/$D$+$O!"(Bfetch(1) $B$NBeBX$H$7$F;HMQ$9$k$3$H$,$G$-$^$9!#(B


V.   $B2r7h:v(B - Solution

Perform one of the following:

$B<!$N$$$:$l$+$R$H$D$K=>$C$F$/$@$5$$!#(B

1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch dated
after the correction date.

1) $B<eE@$r;}$C$?(B FreeBSD $B%7%9%F%`$r:G?7$N(B 4-STABLE $B$^$?$O(B 5-STABLE $B$K99?7$9$k$+!"(B
   $B$"$k$$$O=$@5F|0J9_$N(B RELENG_5_3, RELENG_5_2, RELENG_4_10, RELENG_4_8
   $B%;%-%e%j%F%#%V%i%s%A$N$$$:$l$+$K%"%C%W%0%l!<%I$9$k!#(B

2) To patch your present system:
2) $B8=:_$N%7%9%F%`$K=$@5%Q%C%A$rE,MQ$9$k!#(B

The following patches have been verified to apply to FreeBSD 4.8, 4.10,
5.2, and 5.3 systems.

$B0J2<$N=$@5%Q%C%A$O!"(BFreeBSD 4.8, FreeBSD 4.10, FreeBSD 5.2, FreeBSD 5.3
$B$N3F%7%9%F%`$KE,MQ2DG=$J$3$H$,3NG'$5$l$F$$$k$b$N$G$9!#(B

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
a) $B0J2<$N>l=j$+$i=$@5%Q%C%A$r%@%&%s%m!<%I$7!"(BPGP $B%f!<%F%#%j%F%#$r;H$C$F(B
   PGP $B=pL>$r3NG'$7$^$9!#(B

# ftp ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:16/fetch.patch
# ftp ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:16/fetch.patch.asc

b) Execute the following commands as root:
b) root $B8"8B$G<!$N%3%^%s%I$r<B9T$7$^$9!#(B

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.bin/fetch
# make obj && make depend && make && make install

($BLuCm(B: /path/to/patch $B$NItJ,$O=$@5%Q%C%A$N%Q%9L>$KCV$-49$($F$/$@$5$$(B)

3) IMPORTANT NOTE to users of FreeBSD Update:
3) $B=EMW(B: FreeBSD Update $B$rMxMQ$5$l$F$$$kJ}$X(B

FreeBSD Update (security/freebsd-update in the FreeBSD Ports collection)
is a binary security update system for the FreeBSD base system.  It is 
not supported or endorsed by the FreeBSD Security team, but its author
has requested that the following note be included in this advisory:

FreeBSD Update (FreeBSD Ports Collection $B$N(B security/freebsd-update) $B$O!"(B
FreeBSD $B%Y!<%9%7%9%F%`MQ$N%P%$%J%j%;%-%e%j%F%#99?7%7%9%F%`$G$9!#(B
$B$3$l$O(B FreeBSD $B%;%-%e%j%F%#%A!<%`$,8xG'$7$F$$$k$b$N$G$O$"$j$^$;$s$,!"(B
FreeBSD Update $B$N:n<T$N4uK>$K$h$j!"0J2<$KCm0UE@$r5-:\$7$^$9!#(B

  FreeBSD Update uses the fetch(1) utility for downloading security
  updates to the FreeBSD base system.  While these updates are 
  cryptographically signed, and FreeBSD Update is therefore immune from
  most attacks, it is exposed to this vulnerability since the files
  must be fetched before their integrity can be verified.

  FreeBSD Update $B$O!"(BFreeBSD $B%Y!<%9%7%9%F%`$N%;%-%e%j%F%#99?7$r(B
  $B%@%&%s%m!<%I$9$k$?$a$K(B fetch(1) $B%f!<%F%#%j%F%#$r;H$$$^$9!#(B
  $B$3$l$i$N99?7$K$OEE;R=pL>$,;H$o$l$F$$$k$?$a!"(BFreeBSD Update $B$,967b$N(B
  $B6<0R$K$5$i$5$l$k4m81@-$OHs>o$KDc$/$J$C$F$$$^$9!#$7$+$7!"%U%!%$%k$N(B
  $B40A4@-$r8!>Z$9$k$K$O%U%!%$%k$r<hF@$7$J$1$l$P$J$i$J$$$3$H$+$i!"(B
  $B:#2s$N%;%-%e%j%F%#>e$N<eE@$N1F6A$r<u$1$F$7$^$$$^$9!#(B

  As a workaround, FreeBSD Update can be made to use the ftp(1) utility
  for downloading updates as follows:

  $B<!$N$h$&$K$9$k$H!"2sHr:v$H$7$F99?7$N%@%&%s%m!<%I$K(B ftp(1) $B%f!<%F%#%j%F%#$r(B
  $B;H$&$h$&!"(BFreeBSD Update $B$r@_Dj$9$k$3$H$,2DG=$G$9!#(B

  # sed -i.bak -e 's/fetch -qo/ftp -o/' /usr/local/sbin/freebsd-update
  # freebsd-update fetch
  # mv /usr/local/sbin/freebsd-update.bak /usr/local/sbin/freebsd-update
  # freebsd-update install


VI.  $B=$@5$N>\:Y(B - Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

FreeBSD $B$K$*$$$F:#2s=$@5$5$l$?3F%U%!%$%k$N%j%S%8%g%sHV9f$O!"0J2<$N$H$*$j$G$9!#(B

Branch                                                           Revision
$B%V%i%s%A(B                                                         $B%j%S%8%g%s(B
  Path
  $B%Q%9L>(B
- -------------------------------------------------------------------------
RELENG_4
  src/usr.bin/fetch/fetch.c                                     1.10.2.28
RELENG_4_10
  src/UPDATING                                              1.73.2.90.2.5
  src/sys/conf/newvers.sh                                   1.44.2.34.2.6
  src/usr.bin/fetch/fetch.c                                 1.10.2.23.2.1
RELENG_4_9
  src/UPDATING                                             1.73.2.89.2.14
  src/sys/conf/newvers.sh                                  1.44.2.32.2.14
  src/usr.bin/fetch/fetch.c                                 1.10.2.21.2.1
RELENG_4_8
  src/UPDATING                                             1.73.2.80.2.29
  src/sys/conf/newvers.sh                                  1.44.2.29.2.27
  src/usr.bin/fetch/fetch.c                                 1.10.2.20.2.1
RELENG_4_7
  src/UPDATING                                             1.73.2.74.2.32
  src/sys/conf/newvers.sh                                  1.44.2.26.2.30
  src/usr.bin/fetch/fetch.c                                 1.10.2.18.2.1
RELENG_5
  src/usr.bin/fetch/fetch.c                                      1.72.2.2
RELENG_5_3
  src/UPDATING                                             1.342.2.13.2.4
  src/sys/conf/newvers.sh                                   1.62.2.15.2.6
  src/usr.bin/fetch/fetch.c                                  1.72.2.1.2.1
RELENG_5_2
  src/UPDATING                                                 1.282.2.20
  src/sys/conf/newvers.sh                                       1.56.2.19
  src/usr.bin/fetch/fetch.c                                      1.62.4.1
RELENG_5_1
  src/UPDATING                                                 1.251.2.20
  src/sys/conf/newvers.sh                                       1.50.2.20
  src/usr.bin/fetch/fetch.c                                      1.62.2.1
RELENG_5_0
  src/UPDATING                                                 1.229.2.28
  src/sys/conf/newvers.sh                                       1.48.2.23
  src/usr.bin/fetch/fetch.c                                      1.58.2.1
- -------------------------------------------------------------------------


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9!#2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9!#(B

$B$?$@$7K]Lu<T$*$h$S(B doc-jp $B$O!"$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$!#F|K\8lLu$K$D$$$F$N$40U8+!"$4MWK>!"(B
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9!#(B

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9!#(B
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a!"$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9!#(B

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O!"(B
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K!"(B
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K!"(B
$B$=$l$>$lCV$-49$($F$/$@$5$$!#(B

$BB>$NCO0h$r4^$`%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

 http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html ($B1QJ8(B)
 http://www.FreeBSD.org/doc/ja_JP.eucJP/books/handbook/mirrors.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9!#(B

$hrs: announce-jp/FreeBSD-SA/04:16,v 1.1 2004/11/18 15:29:52 hrs Exp $

----Next_Part(Fri_Nov_19_00_35_55_2004_272)----

----Security_Multipart0(Fri_Nov_19_00_35_55_2004_300)--
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQBBnMFdTyzT2CeTzy0RAmBSAKCv+12/e2QCW6iJeR7Do0+CkUwiZACfcZBa
ITFJkLi7xnCN27bmAqezpH0=
=Umlp
-----END PGP SIGNATURE-----

----Security_Multipart0(Fri_Nov_19_00_35_55_2004_300)----
