Operating System:

[UNIX/Linux][FreeBSD]

Published:

05 July 2019

Protect yourself against future threats.

//Service

AusCERT Education

Enhance your knowledge with our exceptional one day training offerings for individuals and organisations

Read more
Resources > Security Bulletins > ESB-2019.2472 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2472
                           iconv buffer overflow
                                5 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iconv
Publisher:         FreeBSD
Operating System:  FreeBSD
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5600  

Original Bulletin: 
   https://security.freebsd.org/advisories/FreeBSD-SA-19:09.iconv.asc

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than FreeBSD. It is recommended that administrators
         running iconv check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-19:09.iconv                                      Security Advisory
                                                          The FreeBSD Project

Topic:          iconv buffer overflow

Category:       core
Module:         libc
Announced:      2019-07-02
Credits:        Andrea Venturoli <security@netfence.it>, NetFence
Affects:        All supported versions of FreeBSD.
Corrected:      2019-07-03 00:01:38 UTC (stable/12, 12.0-STABLE)
                2019-07-03 00:00:39 UTC (releng/12.0, 12.0-RELEASE-p7)
                2019-07-03 00:03:14 UTC (stable/11, 11.3-PRERELEASE)
                2019-07-03 00:00:39 UTC (releng/11.3, 11.3-RC3-p1)
                2019-07-03 00:00:39 UTC (releng/11.2, 11.2-RELEASE-p11)
CVE Name:       CVE-2019-5600

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

The iconv(3) API converts text data from one character encoding to another
and is available as part of the standard C library (libc).

II.  Problem Description

With certain inputs, iconv may write beyond the end of the output buffer.

III. Impact

Depending on the way in which iconv is used, an attacker may be able to
create a denial of service, provoke incorrect program behavior, or induce a
remote code execution.  iconv is a libc library function and the nature of
possible attacks will depend on the way in which iconv is used by
applications or daemons.

IV.  Workaround

No workaround is available.  Stack canaries (-fstack-protector), which are
enabled by default, provide a degreee of defense against code injection but
not against denial of service.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date.  Restart any
potentially affected daemons.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-19:09/iconv.patch
# fetch https://security.FreeBSD.org/patches/SA-19:09/iconv.patch.asc
# gpg --verify iconv.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart all daemons that use the library, or reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- - -------------------------------------------------------------------------
stable/12/                                                        r349622
releng/12.0/                                                      r349621
stable/11/                                                        r349624
releng/11.3/                                                      r349621
releng/11.2/                                                      r349621
- - -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5600>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:09.iconv.asc>
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9WBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cK8qg//bXSYMJQUBC0POTT5zGXSAmXfKjxbCi4N67cfTrQkEvW672QX4Jw9smkK
D3PwyQs8QWIwsXL69rRgKDFHhPplOmTkx1vaPrA3DckYliwNvLRV3I6G2bRnx3E3
DoAyDmBvFK5lJWa3WxbCpeJA69yZ/JbX1Yw6HsRLk74hGkfvlkruKkfxsNjXzaq4
0+d+ZYs/vRDmIW5/R/bYy1+iyDamyCMl2xXtlZBKrGe6lhj8Vi4/evJjipFtskc2
RnGKolNoZQc03pgX0QS2JZDb+ay23elkOCbhYPqGr1f++M95oOktX3epsJNSH++u
pmJ72FNRsnZSVFxoX7o14eh4k6OGYIvGFSkXQ9VG1NV7PQO8VZAQk9gw264O/1Mi
2aW88e78GLallQOg32VM+Ybys9MamBHByiYRz+GXhh91gg9WPJK5Imt0ExUuukGn
SS65SW1AhO72xC2eplbM0pQY0FNn8l+QA4XjhqNfW03gPSvPwbdYhbSDXm9bgV3W
+VnW2R0tekgiD3glf9GwXMKizostS67jvpJyEDqvx3A1Dx3R2sJ27/6c5HDLpJss
hrhEbqnJhudl10gQTdK9hkFg1LeqxFCYhsw0NDb7PgRWeu3MZcLP6pO3wy/aacfd
OyGJWeqTzKZ4o596OyrTsYIa75MymN3/PkdfDYfRMU0GdAo+acQ=
=ItWl
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXR7QRmaOgq3Tt24GAQg5lBAAvyurxymaHqVYa9ym43al52/LnhfZSU+B
EJl64nSBtMsTNHkPt69C0D1CwVMvMox4+VWqmL9Y4W9idzFwJ8KiG1j0qwK53nc2
5Bnk+oOPtf9DYWNn2H/kvlqwo9u0JBSWWOIOVWRbNex5F61LOXQlAcmdu5CpZAEF
qtTqJmJFfgH8UG70QARmAQPaPt+fCPVKyzgjTa3O/K7ddJIW3i0Km/YW9p0F1HYc
0aDpZrYNtI9LFVn1lvrySB7Qg2Rh1BupBUyTB0xjqDmUvRQexK+uDN513uigS49t
e0PnizZLn0z26+JbYOc5TU8QTjY0pQuSxjKD8CHaCG43tqAn71mSLgoCQpitBPPr
nf8xaWErXxOH33OWuB9GegPqtOOAng8YWo+GjP+0gyGVahsFD8n0NKY9FosgyLLb
5N9efr2+L35JCySZuUfdR+chWq/doBtjGtIQJZDZ4a0TiXrNEk85iDXMne2uRSnX
hIkwstMQKQ516J5LmNw0GipyQhHAESeNADrZw6gNjX4RBsEmctrS0Wqhkohdklp1
ufLNKVB7v/iTwy2AQHMXkSrWZVy5CfgghVYNfpVQhAbiQPbMLAkCvSdlj/9VePk9
qT/c1+fkE5pSKTFJxofYj0SFe47bNfXsawNXRkIenpNIP7f2u6sOU/oszp7Oo6TL
6WWz4MAxgFg=
=8wNx
-----END PGP SIGNATURE-----