                 NetBSD Security Advisory 2013-004
                 =================================

Topic:          Vulnerabilities in grep

Version:        NetBSD-current:         affected prior to Jan 5th, 2013
                NetBSD 6.0.*:           affected
                NetBSD 6.0:             affected
                NetBSD 5.2.*:           affected
                NetBSD 5.1.*:           affected
                NetBSD 5.0.*:           affected
                pkgsrc:                 textproc/grep prior to 2.13

Severity:       Arbitrary Code Execution

Fixed:          NetBSD-current:         Jan 5th, 2013
                NetBSD-6-0 branch:      Jan 13th, 2013
                NetBSD-6 branch:        Jan 13th, 2013
                NetBSD-5-2 branch:      Jan 13th, 2013
                NetBSD-5-1 branch:      Jan 13th, 2013
                NetBSD-5-0 branch:      Jan 13th, 2013
                NetBSD-5 branch:        Jan 13th, 2013
                pkgsrc textproc/grep:   grep-2.13 corrects this issue

Please note that NetBSD releases prior to 5.0 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

Multiple integer overflows in GNU Grep before 2.11 might allow
context-dependent attackers to execute arbitrary code via vectors
involving a long input line that triggers a heap-based buffer overflow.

This vulnerability has been assigned CVE-2012-5667.


Technical Details
=================

See http://openwall.com/lists/oss-security/2012/12/22/6

The PCRE aspect of the vulnerability does not apply to NetBSD.


Solutions and Workarounds
=========================

Workaround: Don't run grep against files of dubious provenance with
lines of 2 GB, or longer.

Fix: Replace grep with a fixed version.

The fastest method to do that is to obtain a base.tgz matching your
system from http://nyftp.netbsd.org/pub/NetBSD-daily/ dated 20130114
or later, and to extract ./usr/bin/egrep, ./usr/bin/fgrep and
./usr/bin/grep as well as ./rescue/egrep, ./rescue/fgrep and
./rescue/grep from it.

The following instructions describe how to upgrade your grep
binaries by updating your source tree and rebuilding and
installing a new version of grep.

The following files contain the fix:

gnu/dist/grep/lib/getopt.c
gnu/dist/grep/lib/regex.c
gnu/dist/grep/src/ansi2knr.c

HEAD            1.2
netbsd-6        1.1.1.1.56.1
netbsd-6-0      1.1.1.1.62.1
netbsd-5        1.1.1.1.38.1
netbsd-5-2      1.1.1.1.64.1
netbsd-5-1      1.1.1.1.46.1
netbsd-5-0      1.1.1.1.42.1

gnu/dist/grep/src/dfa.c

HEAD            1.3
netbsd-6        1.2.56.1
netbsd-6-0      1.2.62.1
netbsd-5        1.2.38.1
netbsd-5-2      1.2.64.1
netbsd-5-1      1.2.46.1
netbsd-5-0      1.2.42.1

gnu/dist/grep/src/grep.c

HEAD            1.14
netbsd-6        1.13.8.1
netbsd-6-0      1.13.14.1
netbsd-5        1.12.4.1
netbsd-5-2      1.12.2.1
netbsd-5-1      1.12.12.1
netbsd-5-0      1.12.8.1

gnu/dist/grep/src/search.c

HEAD            1.4
netbsd-6        1.3.20.1
netbsd-6-0      1.3.26.1
netbsd-5        1.3.4.1
netbsd-5-2      1.3.28.1
netbsd-5-1      1.3.12.1
netbsd-5-0      1.3.8.1

To update from CVS, re-build, and re-install grep:

        # cd src
        # cvs update -d -P gnu/dist/grep
        # cd gnu/usr.bin/grep
        # make USETOOLS=no cleandir dependall
        # make USETOOLS=no install
        # cd ../../../usr.bin/ldd
        # make USETOOLS=no cleandir dependall
        # cd ../../rescue
        # make USETOOLS=no cleandir dependall
        # make USETOOLS=no install


Thanks To
=========

Joshua Rogers for identifying the problem in GNU grep.
Ignatios Souvatzis and Alan Barrett for collaborating on a GPLv2 fix.


Revision History
================

        2013-02-26      Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-004.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .


Copyright 2013, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2013-004.txt,v 1.1 2013/02/26 19:45:50 tonnerre Exp $
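
One way to apply the workaround from "Solutions and Workarounds" until grep is replaced is to measure a file's longest line before grep sees it. This is an added example, not code from the NetBSD project or from GNU grep. The function names, the LINE_LIMIT value (a conservative reading of "2 GB" as INT32_MAX bytes) and the sample data are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: "2 GB" is read conservatively as INT32_MAX bytes. */
#define LINE_LIMIT ((int64_t)INT32_MAX)

/* Longest line in fp in bytes (newline excluded), or -1 on read error.
 * Lengths are kept in 64 bits so the checker cannot itself wrap. */
int64_t longest_line(FILE *fp)
{
    static char buf[1 << 16];
    int64_t cur = 0, max = 0;
    size_t n;

    while ((n = fread(buf, 1, sizeof buf, fp)) > 0) {
        const char *p = buf, *end = buf + n, *nl;
        while ((nl = memchr(p, '\n', (size_t)(end - p))) != NULL) {
            cur += nl - p;
            if (cur > max) max = cur;
            cur = 0;
            p = nl + 1;
        }
        cur += end - p;           /* partial line continues in next chunk */
    }
    if (cur > max) max = cur;     /* final line without trailing newline */
    return ferror(fp) ? -1 : max;
}

/* 1 if the file should be kept away from an unpatched grep. */
int too_long_for_unpatched_grep(int64_t longest, int64_t limit)
{
    return longest < 0 || longest >= limit;  /* unreadable counts as unsafe */
}

/* Constructed sample input: three lines, the last one unterminated. */
FILE *constructed_sample(void)
{
    FILE *fp = tmpfile();
    if (fp != NULL) { fputs("short\nlonger line here\nx", fp); rewind(fp); }
    return fp;
}

int main(int argc, char **argv)
{
    FILE *fp = argc > 1 ? fopen(argv[1], "rb") : constructed_sample();
    int64_t longest = fp ? longest_line(fp) : -1;
    if (fp) fclose(fp);
    printf("longest line: %lld bytes\n", (long long)longest);
    return too_long_for_unpatched_grep(longest, LINE_LIMIT);
}
```

The program exits non-zero when the file is unreadable or contains a line at or above the limit, so a wrapper script can skip grep for that file.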