Add SA_ID to make newentry
Closed, Public

Authored by fernape on Sep 24 2023, 5:01 PM.

Details

Summary

Automate registration of FreeBSD Security Advisories.

It adds a new parameter for the newentry subcommand accepting an SA ID as present
in the FreeBSD Security Advisories web page.

Fills an entry following the common structure for FreeBSD SAs and leaves some
"FIXME" strings in those places that need special care.

Test Plan

Apply patch. Then try:

Example 1:

make newentry SA_ID=FreeBSD-SA-23:11.wifi.asc

Output

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index c31758e8f43f..e9623fc606a9 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,39 @@
+  <vuln vid="171d80e9-5afc-11ee-ac70-b42e991fc52e">
+    <topic>FreeBSD -- Wi-Fi encryption bypass</topic>
+    <affects>
+      <package>
+       <name>FreeBSD</name>
+       <range><lt>FIXME</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+       <p>The FreeBSD Project reports:</p>
+       <blockquote cite="https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc">
+         <p>Problem Description: The net80211 subsystem would fallback to the
+       multicast key for unicast traffic in the event the unicast key was
+       removed.  This would result in buffered unicast traffic being exposed
+       to any stations with access to the multicast key.</p>
+       <p>Impact: As described in the "Framing Frames: Bypassing Wi-Fi
+       Encryption by Manipulating Transmit Queues" paper, an attacker can
+       induce an access point to buffer frames for a client, deauthenticate
+       the client (causing the unicast key to be removed from the access
+       point), and subsequent flushing of the buffered frames now encrypted
+       with the multicast key.  This would give the attacker access to the
+       data.</p>
+       </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-47522</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-47522 -- FIXME</url>
+    </references>
+    <dates>
+      <discovery>2023-09-FIXME</discovery>
+      <entry>2023-09-24</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="732282a5-5a10-11ee-bca0-001999f8d30b">
     <topic>Mailpit affected by vulnerability in included go markdown module</topic>
     <affects>
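
Review bot: `<range><lt>FIXME</lt></range>` under `<name>FreeBSD</name>` emits a single upper bound with no lower bound, so the template does not show the per-branch shape the committer has to fill in. Consider emitting a `<ge>FIXME</ge><lt>FIXME</lt>` pair, so the entry cannot be finished by replacing one token and end up matching every release below that version. The ` -- FIXME` suffix inside `<url>` also puts non-URL text in a URL field; a marker kept outside the element would be safer if the line is overlooked.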

Example 2:
make newentry SA_ID=FreeBSD-SA-22:01.vt

Output:

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index c31758e8f43f..a6ee8c8839ea 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,70 @@
+  <vuln vid="339de385-5afc-11ee-ac70-b42e991fc52e">
+    <topic>FreeBSD -- vt console buffer overflow</topic>
+    <affects>
+      <package>
+       <name>FreeBSD</name>
+       <range><lt>FIXME</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+       <p>The FreeBSD Project reports:</p>
+       <blockquote cite="https://www.freebsd.org/security/advisories/FreeBSD-SA-22:01.vt.asc">
+         <p>Problem Description: Under certain conditions involving use of the
+       highlight buffer while text is scrolling on the console, console
+       data may overwrite data structures associated with the system console
+       or other kernel memory.</p>
+       <p>Impact: Users with access to the system console may be able to
+       cause system misbehaviour.</p>
+       </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2021-29632</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-29632 -- FIXME</url>
+    </references>
+    <dates>
+      <discovery>2023-09-FIXME</discovery>
+      <entry>2023-09-24</entry>
+    </dates>
+  </vuln>
+
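
Review bot: `<discovery>2023-09-FIXME</discovery>` prefills the year and month from the entry date, but this advisory is FreeBSD-SA-22:01 with CVE-2021-29632, so the prefilled part is already wrong and only the day is flagged for attention. Emit the whole field as a placeholder, or take the date from the advisory, so a committer who replaces only `FIXME` does not record a September 2023 discovery.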

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

fernape added reviewers: philip, portmgr.

This is great! Thanks for doing this work. This can save me a lot of time.

security/vuxml/files/newentry.sh
119

Previous FreeBSD SA entries in vuxml don't include a <cveurl>. It was my understanding that generating these was left up to the renderer (e.g. vuxml.org). I'm not opposed to adding these though.

In any case, the FIXME should go away.

156–157

Should we aim for consistency with previous FreeBSD SA vuxml entries here? In that case, the <blockquote> should go away and the Problem Description and Impact titles should be <h1> elements.

Address philip's feedback

  • Remove FIXME in cveurl
  • Be consistent with previous SA entries

This is great! Thanks for doing this work. This can save me a lot of time.

Rework the patch a little so we can accommodate the SA-specific format.
New outputs.

Blank entry:

$ make newentry
$ git diff
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index a49e84e5e057..05ffb784f868 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,29 @@
+  <vuln vid="926ea252-5b87-11ee-b1e3-b42e991fc52e">
+    <topic> -- </topic>
+    <affects>
+      <package>
+       <name></name>
+       <range><lt></lt></range>
+      </package>
+    </affects>
+    <description>
+       <body xmlns="http://www.w3.org/1999/xhtml">
+       <p>SO-AND-SO reports:</p>
+       <blockquote cite="INSERT URL HERE">
+         <p>.</p>
+       </blockquote>
+       </body>
+    </description>
+    <references>
+      <cvename>INSERT CVE RECORD IF AVAILABLE</cvename>
+      <url>INSERT BLOCKQUOTE URL HERE</url>
+    </references>
+    <dates>
+      <discovery>2023-09-FIXME</discovery>
+      <entry>2023-09-25</entry>
+    </dates>
+  </vuln>
+
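
Review bot: `<name></name>` and `<range><lt></lt></range>` are left empty, and `<topic> -- </topic>` and `<p>.</p>` carry no marker, while the other fields use `INSERT ...` or `FIXME` text. Using one marker string for every field that needs editing would let a single search find all of them before commit.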

CVE entry:

$ make newentry CVE_ID=CVE-2023-4863
$ git diff
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index a49e84e5e057..69d2a507a34c 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,29 @@
+  <vuln vid="b9378b8f-5b87-11ee-b1e3-b42e991fc52e">
+    <topic>google -- null</topic>
+    <affects>
+      <package>
+       <name>google</name>
+       <range><lt>116.0.5845.187</lt></range>
+      </package>
+    </affects>
+    <description>
+       <body xmlns="http://www.w3.org/1999/xhtml">
+       <p>SO-AND-SO reports:</p>
+       <blockquote cite="INSERT URL HERE">
+         <p>.</p>
+       </blockquote>
+       </body>
+    </description>
+    <references>
+      <cvename>CVE-2023-4863</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-4863</url>
+    </references>
+    <dates>
+      <discovery>2023-09-12</discovery>
+      <entry>2023-09-25</entry>
+    </dates>
+  </vuln>
+
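
Review bot: `<topic>google -- null</topic>` shows a missing value being written out as the literal string `null`, and `<name>google</name>` looks like a vendor name rather than a package name. Map an absent field to the placeholder used elsewhere (`FIXME`) so the gap is visible, and flag the package name for review, since `<lt>116.0.5845.187</lt>` is the range that will be applied to it.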

SA entry:

$ make newentry SA_ID=FreeBSD-SA-23:11.wifi.asc
$ git diff
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index a49e84e5e057..d0d148e41713 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,38 @@
+  <vuln vid="e77dc256-5b87-11ee-b1e3-b42e991fc52e">
+    <topic>FreeBSD -- Wi-Fi encryption bypass</topic>
+    <affects>
+      <package>
+       <name>FreeBSD</name>
+       <range><lt>FIXME</lt></range>
+      </package>
+    </affects>
+    <description>
+       <body xmlns="http://www.w3.org/1999/xhtml">
+       <h1>Problem Description:</h1>
+         <p>The net80211 subsystem would fallback to the multicast key for
+       unicast traffic in the event the unicast key was removed.  This
+       would result in buffered unicast traffic being exposed to any
+       stations with access to the multicast key.</p>
+       <h1>Impact:</h1>
+         <p>As described in the "Framing Frames: Bypassing Wi-Fi Encryption
+       by Manipulating Transmit Queues" paper, an attacker can induce an
+       access point to buffer frames for a client, deauthenticate the
+       client (causing the unicast key to be removed from the access point),
+       and subsequent flushing of the buffered frames now encrypted with
+       the multicast key.  This would give the attacker access to the
+       data.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-47522</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-47522</url>
+    </references>
+    <dates>
+      <discovery>2023-09-FIXME</discovery>
+      <entry>2023-09-25</entry>
+    </dates>
+  </vuln>
+
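
Review bot: with the `<blockquote cite=...>` removed, the entry no longer links to the advisory itself; `<references>` holds only the CVE name and the NVD URL. Add the advisory to `<references>` (a `<freebsdsa>` element or a `<url>` with the advisory address) so the source of the description stays traceable. Minor: `<body ...>` opens at seven spaces of indentation and `</body>` closes at six.
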
fernape added inline comments.
security/vuxml/files/newentry.sh
119

I removed the "FIXME". Developers should never blindly trust the output of the script (same way we should not blindly trust make makeplist).
I added the "FIXME" because I found that sometimes, the CVE might not have a URL (yet) in NVD at the time of creating the entry in security/vuxml.

156–157

Adapted to the previous SAs format.

Great work! Thanks very much. This should help me not get behind on FreeBSD SAs going forward.

This revision is now accepted and ready to land. Sep 25 2023, 10:39 AM
This revision was automatically updated to reflect the committed changes.
fernape marked 2 inline comments as done.