Name: CVE-2009-1250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1250
The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.

Name: CVE-2009-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1251
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.

Fix: The OpenAFS project recommends that administrators with Linux clients upgrade to OpenAFS version 1.4.9 or newer, or as appropriate for people testing features in the OpenAFS 1.5 series, OpenAFS version 1.5.59 or newer.
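The two CVE descriptions above name two distinct client-side defects: an error code taken from the network and wrapped with ERR_PTR without checking that it fits the errno range IS_ERR recognises, and an XDR array whose element count comes from the response rather than from the request. The following is an added userland example, not OpenAFS or Linux kernel code; ERR_PTR/PTR_ERR/IS_ERR and MAX_ERRNO re-create the convention of the kernel's <linux/err.h> so the block builds without kernel headers, and the two RX/XDR responses are constructed samples. It shows the unchecked pattern beside the check that each CVE calls for.

```c
/* Added example (not OpenAFS or Linux kernel code): a userland model of the two
 * defensive checks implied by CVE-2009-1250 and CVE-2009-1251.  ERR_PTR/PTR_ERR/
 * IS_ERR and MAX_ERRNO re-create the Linux <linux/err.h> convention so the code
 * builds without kernel headers; the sample responses below are constructed. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095   /* kernel: errno values occupy the top 4095 addresses */

static void *ERR_PTR(long error) { return (void *)error; }
static long PTR_ERR(const void *ptr) { return (long)ptr; }
static int IS_ERR(const void *ptr) {
    return (unsigned long)ptr >= (unsigned long)-MAX_ERRNO;
}

/* --- CVE-2009-1250 pattern: an error code from the wire is not a kernel errno.
 * ERR_PTR(-code) yields a value IS_ERR() recognises only when 1 <= code <= MAX_ERRNO.
 * A peer-supplied code outside that range turns into an ordinary-looking pointer;
 * a caller that tests IS_ERR() and then dereferences it will fault.  The safe
 * wrapper substitutes a generic errno for codes that cannot be represented. */
static void *wrap_remote_error(long code) {
    if (code <= 0 || code > MAX_ERRNO)
        code = EIO;                       /* not representable: substitute EIO */
    return ERR_PTR(-code);
}

/* 1 if IS_ERR() catches the value when the code is wrapped without validation */
static int unchecked_wrap_is_caught(long code) { return IS_ERR(ERR_PTR(-code)); }
/* 1 if IS_ERR() catches the value produced by wrap_remote_error() */
static int checked_wrap_is_caught(long code) { return IS_ERR(wrap_remote_error(code)); }

/* --- CVE-2009-1251 pattern: trust the requested length, not the peer's count. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Decode an XDR array of uint32 (4-byte big-endian count, then elements) into
 * dst, which was sized for the element count the request asked for (dst_cap).
 * Returns the number of elements decoded, -1 if the peer sent more elements
 * than requested (the overflow condition), -2 if the message is truncated. */
static long decode_xdr_u32_array(const uint8_t *msg, size_t msg_len,
                                 uint32_t *dst, uint32_t dst_cap) {
    if (msg_len < 4)
        return -2;
    uint32_t count = be32(msg);
    if (count > dst_cap)                  /* the bound check that must come first */
        return -1;
    if ((size_t)count * 4 > msg_len - 4)
        return -2;
    for (uint32_t i = 0; i < count; i++)
        dst[i] = be32(msg + 4 + 4 * (size_t)i);
    return (long)count;
}

/* Constructed sample responses (not captured traffic); the request asked for 2. */
static const uint8_t good_resp[]      = { 0,0,0,2,  0,0,0,7, 0,0,0,9 };
static const uint8_t oversized_resp[] = { 0,0,0,5,  0,0,0,1, 0,0,0,2, 0,0,0,3,
                                          0,0,0,4,  0,0,0,5 };

static int good_response_decodes(void) {
    uint32_t out[2];
    return decode_xdr_u32_array(good_resp, sizeof good_resp, out, 2) == 2
        && out[0] == 7 && out[1] == 9;
}
static long oversized_response_result(void) {
    uint32_t out[2];
    return decode_xdr_u32_array(oversized_resp, sizeof oversized_resp, out, 2);
}
static long truncated_response_result(void) {
    uint32_t out[2];
    return decode_xdr_u32_array(good_resp, 8, out, 2);   /* count=2, one element present */
}

int main(void) {
    printf("code 5:      unchecked caught=%d checked caught=%d\n",
           unchecked_wrap_is_caught(5), checked_wrap_is_caught(5));
    printf("code 100000: unchecked caught=%d checked caught=%d\n",
           unchecked_wrap_is_caught(100000), checked_wrap_is_caught(100000));
    printf("good=%d oversized=%ld truncated=%ld\n", good_response_decodes(),
           oversized_response_result(), truncated_response_result());
    return 0;
}
```

The point of the first half is that a value of 100000, wrapped verbatim, is never detected by IS_ERR and would be dereferenced; the wrapper turns it into -EIO, which IS_ERR does catch. In the second half the count check happens before any byte of the payload is read, so the destination sized from the request can never be overrun.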
OPENAFS-SA-2009-001 states: By forging responses from an existing fileserver, or by getting a user to visit a fileserver under their control, an attacker may overflow the heap buffer of a client machine. This buffer resides in kernel memory. A remote user can use this overflow to crash the client under attack, and may be able to execute arbitrary code within a client's kernel. Is B2 still appropriate for that?
I'd call it B1 since it compromises root.
Openafs-1.4.9 now in the tree. It is an update of the latest testing (net-fs/openafs-1.4.8-r1 and net-fs/openafs-kernel-1.4.8-r1), as it seemed more sensible: openafs-kernel-1.4.8-r1 supports more recent kernels (though not yet 2.6.29), openafs-1.4.8-1 is only a small fix, and both have been in testing for a long time, since 20090131. First tests show openafs-1.4.9 to work fine, as is to be expected: upstream says it is only a security update to 1.4.8. I will postpone introducing 1.4.10 until this bug is fixed.
Arches, please test and mark stable:
=net-fs/openafs-1.4.9
=net-fs/openafs-kernel-1.4.9
Target keywords : "amd64 ppc ppc64 x86"
amd64/x86 stable
*ping* :)
make[2]: Entering directory `/var/tmp/portage/dev-util/cvs-1.12.12-r6/work/cvs-1.12.12/window
checking whether yytext is a pointer... yes
./configure: line 4569: /bin: is a directory
checking host system type... powerpc64-unknown-linux-gnu
checking for library containing strerror... none required
checking for pid_t... yes
checking for size_t... yes
checking return type of signal handlers... void
checking for __FUNCTION__ and __LINE__ macros... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking whether ln -s works... yes
checking for powerpc64-unknown-linux-gnu-ranlib... powerpc64-unknown-linux-gnu-ranlib
checking for bison... bison -y
checking whether byte order is known at compile time... yes
checking whether byte ordering is bigendian... yes
checking your OS... linux
checking your AFS sysname... ppc64_linux26
checking if powerpc64-unknown-linux-gnu-gcc accepts -march=pentium... yes
checking if powerpc64-unknown-linux-gnu-gcc needs -fno-strength-reduce... yes
checking if powerpc64-unknown-linux-gnu-gcc needs -fno-strict-aliasing... yes
checking if powerpc64-unknown-linux-gnu-gcc supports -fno-common... yes
checking if powerpc64-unknown-linux-gnu-gcc supports -pipe... yes
checking whether to build osi_vfs.h... yes
checking if linux kbuild requires EXTRA_CFLAGS... yes
checking for linux kernel module build works... no
configure: error: in `/var/tmp/portage/net-fs/openafs-kernel-1.4.9/work/openafs-1.4.9':
configure: error: Fix problem or use --disable-kernel-module...
See `config.log' for more details.
!!! Please attach the following file when seeking support:
!!! /var/tmp/portage/net-fs/openafs-kernel-1.4.9/work/openafs-1.4.9/config.log
 *
 * ERROR: net-fs/openafs-kernel-1.4.9 failed.
 * Call stack:

quad ~ # emerge --info
Portage 2.1.6.7 (default/linux/powerpc/ppc64/2008.0/64bit-userland/desktop, gcc-4.3.2, glibc-2.8_p20080602-r1, 2.6.27-gentoo-r8-g5-64 ppc64)
=================================================================
System uname: Linux-2.6.27-gentoo-r8-g5-64-ppc64-PPC970MP,_altivec_supported-with-glibc2.3
Timestamp of tree: Fri, 24 Apr 2009 13:15:01 +0000
app-shells/bash: 3.2_p39
dev-java/java-config: 1.3.7-r1, 2.1.7
dev-lang/python: 2.4.4-r13, 2.5.4-r2
dev-python/pycrypto: 2.0.1-r6
dev-util/cmake: 2.6.2-r1
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox: 1.6-r2
sys-devel/autoconf: 2.13, 2.63
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils: 2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool: 1.5.26
virtual/os-headers: 2.6.27-r2
ACCEPT_KEYWORDS="ppc64"
CBUILD="powerpc64-unknown-linux-gnu"
CFLAGS="-O2 -pipe"
CHOST="powerpc64-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/bind /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs cvs digest distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://quad/ http://drake/gentoo/ http://butthead/ http://gentoo.mirrors.tds.net/gentoo"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/cell /usr/portage/local/layman/powerpc /usr/local/portage"
SYNC="rsync://butthead/gentoo-portage"
USE="X acl alsa arts berkdb bluetooth branding bzip2 cairo cdr cli cracklib crypt cups dbus dri dvd dvdr dvdread eds emboss encode esd evo fam firefox fortran gdbm gif gnome gpm gstreamer gtk hal ibm iconv ipv6 isdnlog jpeg kde ldap libnotify mad midi mikmod mp3 mpeg mudflap mysql ncurses nls nptl nptlonly ogg opengl openmp pam pcre pdf perl png ppc64 ppds pppd python qt3 qt3support qt4 quicktime readline reflection sdl session spell spl ssl startup-notification svg sysfs tcpd tiff truetype unicode usb vorbis xml xorg xulrunner xv zlib"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ELIBC="glibc"
INPUT_DEVICES="keyboard mouse evdev"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
USERLAND="GNU"
VIDEO_CARDS="fbdev mach64 mga nv r128 radeon vesa vga"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA
Created attachment 189380: powerpc failure during configure
I am seeing a failure on ppc32 and ppc64 during configure. Information above.
It is with pain in my heart, but only because no one has been able to fix this (also see bug #211378), that I suggest to drop ppc32 and ppc64 keywords...
(In reply to comment #10)
> It is with pain in my heart, but only because no one has been able to fix this
> (also see bug #211378), that I suggest to drop ppc32 and ppc64 keywords...

No, please don't! I am able to run openafs-1.4.9 on ppc32 by doing the following:

# ebuild /usr/portage/net-fs/openafs/openafs-1.4.9.ebuild merge

(i.e., the non-kernel parts simply work)

# ebuild /usr/portage/net-fs/openafs-kernel/openafs-kernel-1.4.9.ebuild merge

When it dies on the above mentioned "checking for linux kernel module build works... no", I do *the same* configure as the ebuild, i.e.:

# cd /var/tmp/portage/net-fs/openafs-kernel-1.4.9/work/openafs-1.4.9/
# ./configure --prefix=/usr --build=powerpc-unknown-linux-gnu --host=powerpc-unknown-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --with-linux-kernel-headers=/usr/src/linux --with-linux-kernel-build=/lib/modules/2.6.29-gentoo-r5/build

Surprisingly, this gives "checking for linux kernel module build works... yes" and proceeds to completion. I then do 'make' and get a usable kernel module. I don't know enough about ebuilds to know why ebuild "preinst" and "install" didn't work after that (something about 'addread' and LC_ALL=C ...), but simply doing:

# mkdir /lib/modules/2.6.29-gentoo-r5/kernel/fs/openafs
# cp src/libafs/MODLOAD-2.6.29-gentoo-r5-SP/libafs.ko /lib/modules/2.6.29-gentoo-r5/kernel/fs/openafs/.
# depmod -a
# modprobe libafs
# /etc/init.d/openafs-client start

worked. It seems *perhaps* it is just a single step that fails. I am willing to keep looking into it and provide testing for ebuilds, etc. Any pointers from those of you who actually know what you're doing would be appreciated :-)

/Mike
Stefaan, could you reproduce the fix mentioned by Mike above? If not, we'll need to mask this application on ppc and ppc64.
Well, the fix for the configure issue is from the linux profile adding -Wl,-O1 by default, filtering that away on ppc/ppc64 is probably a good idea. I'm looking into the rest of the open issues, but hopefully we can get this fixed without dropping keywords.
Actually, on closer inspection, it's that the kernel module test passes LDFLAGS directly to LD, but elsewhere they are passed through GCC. Having no LDFLAGS set lets it run through configure and compile the module on ppc, but there are still issues with ppc64.
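The mismatch described in the two comments above is that a value such as the profile's default LDFLAGS="-Wl,-O1" is a gcc driver flag (the driver strips "-Wl," and forwards "-O1" to the linker), while a configure test that invokes ld directly receives the literal "-Wl,-O1", which ld does not understand. The following is an added illustration, not code from the bug, the ebuild, or OpenAFS: a small POSIX shell function that performs the same translation the gcc driver would, so that a build step calling ld directly can be fed the equivalent bare options. The function name and the choice to keep only -Wl,/-L/-l flags (dropping compiler-only flags such as -pipe) are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the bug, the ebuild or OpenAFS): translate gcc-style
# LDFLAGS into what ld itself accepts.  "-Wl,a,b" becomes "a b"; -L/-l options
# pass through unchanged since ld understands them; anything else is dropped,
# on the assumption that it is a compiler-driver flag ld would reject.
ld_flags_from_ldflags() {
    out=""
    for flag in $1; do
        case "$flag" in
            -Wl,*)
                # strip the "-Wl," prefix, then split the comma list into words
                opts=$(printf '%s' "${flag#-Wl,}" | tr ',' ' ')
                out="$out $opts"
                ;;
            -L*|-l*)
                out="$out $flag"
                ;;
            *)
                # compiler-only flag (e.g. -pipe): not meaningful to ld
                ;;
        esac
    done
    # trim the leading space left by the accumulation above
    printf '%s' "${out# }"
}

# Usage: show what ld would receive for the LDFLAGS from the emerge --info above
printf '%s\n' "$(ld_flags_from_ldflags "${LDFLAGS:--Wl,-O1}")"
```

With LDFLAGS="-Wl,-O1" the function prints "-O1", which is what the configure test would have to pass to ld for the link to behave as it does when gcc is the driver.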
GLSA request filed.
Can you comment on the LDFLAGS issue? I'd like to clear these bugs out and get AFS back together on ppc.
*** Bug 211367 has been marked as a duplicate of this bug. ***
*** Bug 236438 has been marked as a duplicate of this bug. ***
*ping* to ppc and ppc64. This has high severity, so please stabilize.
If someone familiar with AFS would like to comment on my findings above and helped us fix the issues on ppc, we'd be happy to mark it stable.
Ping from PPC again. I'm okay with dropping ppc64, but if we can work out the issues with LDFLAGS, we can keep OpenAFS on ppc. Any suggestions? Thanks!
I've simply dropped stable ppc/ppc64 keywords for now since the package is compile broken in stable anyways. If there are unresolved issues with ppc, fork into a new bug please.
This issue was resolved and addressed in GLSA 201404-05 at http://security.gentoo.org/glsa/glsa-201404-05.xml by GLSA coordinator Mikle Kolyada (Zlogene).