-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-06:02.net Errata Notice The FreeBSD Project Topic: Networking Issues Category: core Module: sys Announced: 2006-08-28 Credits: Robert Watson, JINMEI Tatuya Affects: FreeBSD 6.1-RELEASE Corrected: 2006-08-28 07:31:11 UTC (RELENG_6_1, 6.1-RELEASE-p5) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The FreeBSD kernel provides basic networking services, supporting the IPv4 and IPv6 network protocols. II. Problem Description Several issues have been discovered in the networking code in the FreeBSD 6.1 kernel. Specifically: 1. A pointer was not being checked for validity before being dereferenced. 2. Some statistics-keeping code in the UMA memory allocator erroneously counted certain types of successful memory allocations as failures. 3. IPv6 neighbor discovery did not work correctly over point-to-point links. III. Impact The impacts of these bugs are varied. 1. The pointer dereferencing issue could cause a kernel panic. 2. The memory statistics-keeping error could cause the kernel to report an incorrect number of memory allocations that failed. One symptom of this problem is a artificially high count of "requests for mbufs denied" in the output from "netstat -m". 3. The IPv6 neighbor discovery bug could cause spurious warnings to be generated when running IPv6 over point-to-point links. This problem was particularly noticeable over gif(4) tunnels. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, or to the RELENG_6_1 security branch dated after the correction date. 2) To patch your present system: The following patch has been verified to apply to FreeBSD 6.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-06:02/net.patch # fetch http://security.FreeBSD.org/patches/EN-06:02/net.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_6_1 src/UPDATING 1.416.2.22.2.7 src/sys/conf/newvers.sh 1.69.2.11.2.7 src/sys/netinet/ip_output.c 1.242.2.8.2.1 src/sys/netinet6/in6.c 1.51.2.8.2.1 src/sys/netinet6/nd6.c 1.48.2.12.2.1 src/sys/vm/uma_core.c 1.119.2.15.2.1 - ------------------------------------------------------------------------- The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-06:02.net.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFE8pwjFdaIBMps37IRAtQkAKCd89w0feF8PI4RM5cD90WQX/fPOgCfb/OH wecGoGYP8sZw8vTx0i5HqQQ= =Qj8N -----END PGP SIGNATURE-----