Feeds

Staunch your Heartbleed patching: FreeBSD has a nasty credentials leak

Let's not forget that FreeBSD is in OSX, NetApp kit, Juniper boxen and even some tellies

Using blade systems to cut costs and sharpen efficiencies

Got FreeBSD? Get busy on the patch, because a problem with its TCP ordering has emerged, with both denial-of-service and data leakage as possible effects.

The issue exists in how the popular Unix-like operating system handles TCP packets received out-of-order. Packets are held in a reassembly queue until they can be re-ordered and re-assembled. However, as the advisory states:

“FreeBSD may add a reassemble queue entry on the stack into the segment list when the reassembly queue reaches its limit. The memory from the stack is undefined after the function returns. Subsequent iterations of the reassembly function will attempt to access this entry.”

Crafted packets can cause a kernel crash, the advisory states, but worse: “because the undefined on stack memory may be overwritten by other kernel threads, while extremely difficult, it may be possible for an attacker to construct a carefully crafted attack to obtain portion of kernel memory via a connected socket”.

Ty Miller, CEO of Threat Intelligence, said in an e-mail the operating system is the basis of kit from a lot of well-known names, including: OSX, PlayStation, some Panasonic TVs; and security gear from Blue Coat, Checkpoint, IronPort, Juniper, McAfee and Sophos.

The difficulty of creating an exploit means this is far less likely to cause data leak before patches start becoming available. One issue, however, is very similar to Heartbleed: because FreeBSD is behind the scenes in non-obvious places, a lot of systems may never get patched.

While sysadmins will have charge of IT systems, almost no one except the very savvy home user patches consumer kit.

It should be noted that users will probably see denial-of-service rather than data leak as the most immediate potential impact. “Because of the complexity associated with the exploitation process, it is more likely to trigger the target system to crash,” Miller's e-mail noted.

Patch instructions are given at the FreeBSD advisory. ®

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.