Bug#717958: [Debian RT] Re: Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials

To: security@rt.debian.org
Cc: 717958@bugs.debian.org
Subject: Bug#717958: [Debian RT] Re: Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials
From: Steven Chamberlain <steven@pyro.eu.org>
Date: Sun, 28 Jul 2013 20:15:56 +0100
Message-id: <[🔎] 51F56DEC.6010006@pyro.eu.org>
Reply-to: Steven Chamberlain <steven@pyro.eu.org>, 717958@bugs.debian.org
In-reply-to: <[🔎] 51F3A468.2030604@pyro.eu.org>
References: <[🔎] 51F3A468.2030604@pyro.eu.org>

Dear Security Team,

Please could we upload to wheezy-security as in the attached debdiff,
using upstream's patch to fix CVE-2013-4851 / Bug#717958 in kfreebsd-9.

Thanks,
Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org

diff -Nru kfreebsd-9-9.0/debian/changelog kfreebsd-9-9.0/debian/changelog
--- kfreebsd-9-9.0/debian/changelog	2013-06-23 14:47:37.000000000 +0100
+++ kfreebsd-9-9.0/debian/changelog	2013-07-28 19:34:25.000000000 +0100
@@ -1,3 +1,11 @@
+kfreebsd-9 (9.0-10+deb70.3) wheezy-security; urgency=high
+
+  * Team upload.
+  * Pick SVN 253693 from FreeBSD 9-STABLE to fix SA-13:08 / CVE-2013-4851:
+    Incorrect privilege validation in the NFS server (Closes: #717958)
+
+ -- Steven Chamberlain <steven@pyro.eu.org>  Sun, 28 Jul 2013 18:15:26 +0100
+
 kfreebsd-9 (9.0-10+deb70.2) wheezy-security; urgency=high
 
   * Team upload.
diff -Nru kfreebsd-9-9.0/debian/patches/SA-13_08.nfsserver.patch kfreebsd-9-9.0/debian/patches/SA-13_08.nfsserver.patch
--- kfreebsd-9-9.0/debian/patches/SA-13_08.nfsserver.patch	1970-01-01 01:00:00.000000000 +0100
+++ kfreebsd-9-9.0/debian/patches/SA-13_08.nfsserver.patch	2013-07-28 19:30:16.000000000 +0100
@@ -0,0 +1,23 @@
+Description:
+ Fix a bug that allows remote client bypass the normal
+ access checks when when -network or -host restrictions
+ are used at the same time with -mapall. [13:08]
+ (CVE-2013-4851)
+Origin: vendor, http://security.FreeBSD.org/patches/SA-13:08/nfsserver.patch
+Bug: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc
+Bug-Debian: http://bugs.debian.org/717958
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=253693
+
+Index: kfreebsd-9-9.0/sys/kern/vfs_export.c
+===================================================================
+--- kfreebsd-9-9.0.orig/sys/kern/vfs_export.c	2009-09-28 19:07:16.000000000 +0100
++++ kfreebsd-9-9.0/sys/kern/vfs_export.c	2013-07-28 18:13:25.223547283 +0100
+@@ -208,7 +208,7 @@
+ 	np->netc_anon = crget();
+ 	np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
+ 	crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
+-	    np->netc_anon->cr_groups);
++	    argp->ex_anon.cr_groups);
+ 	np->netc_anon->cr_prison = &prison0;
+ 	prison_hold(np->netc_anon->cr_prison);
+ 	np->netc_numsecflavors = argp->ex_numsecflavors;
diff -Nru kfreebsd-9-9.0/debian/patches/series kfreebsd-9-9.0/debian/patches/series
--- kfreebsd-9-9.0/debian/patches/series	2013-06-23 14:47:37.000000000 +0100
+++ kfreebsd-9-9.0/debian/patches/series	2013-07-28 19:30:16.000000000 +0100
@@ -10,6 +10,7 @@
 SA-12_08.linux.patch
 SA-13_05.nfsserver.patch
 SA-13_06.mmap.patch
+SA-13_08.nfsserver.patch
 
 # Other patches that might or might not be mergeable
 001_misc.diff

Reply to:

References:
- Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials
  - From: Steven Chamberlain <steven@pyro.eu.org>

Prev by Date: Bug#717958: marked as done (kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials)
Next by Date: Processing of kfreebsd-downloader_9.1-1_kfreebsd-amd64.changes
Previous by thread: Bug#717958: marked as done (kfreebsd-9: CVE-2013-4851: nfsserver applies wrong credentials)
Next by thread: Re: [rt.debian.org #4573] Re: Bug#717958: kfreebsd-9: CVE-2013-4851: nfsserver
Index(es):
- Date
- Thread