author | Bjoern A. Zeeb <bz@FreeBSD.org> | 2012-08-15 06:19:40 +0000 |
---|---|---|
committer | Bjoern A. Zeeb <bz@FreeBSD.org> | 2012-08-15 06:19:40 +0000 |
commit | 3571e5304050aba8c8eab50a86c6c0a073e4710b (patch) | |
tree | de84b0c3c5ffde32e607bf0686e9f27bb7a78ef0 /share/security/advisories/FreeBSD-SA-00:10.orville-write.asc | |
parent | 01c8718f26f092070b0b20b4902a2a313033ed79 (diff) | |
download | doc-3571e5304050aba8c8eab50a86c6c0a073e4710b.tar.gz doc-3571e5304050aba8c8eab50a86c6c0a073e4710b.zip |
Import FreeBSD Security Advisories and Errata Notices, as well as their
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and
eventually be the same.
For now files are just sitting there. The symlinks are missing.
Discussed on: www (repository location)
Discussed with: simon (so)
Notes:
svn path=/head/; revision=39381
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-00:10.orville-write.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-00:10.orville-write.asc | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc b/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc new file mode 100644 index 0000000000..70bf197319 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc 
@@ -0,0 +1,90 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:10 Security Advisory + FreeBSD, Inc. + +Topic: orville-write port contains local root compromise. + +Category: ports +Module: orville-write +Announced: 2000-03-15 +Affects: Ports collection before the correction date. +Corrected: 2000-03-09 +FreeBSD only: Yes + +I. Background + +Orville-write is a replacement for the write(1) command, which +provides improved control over message delivery and other features. + +II. Problem Description + +One of the commands installed by the port is incorrectly installed +with setuid root permissions. The 'huh' command should not have any +special privileges since it is intended to be run by the local user to +view his saved messages. + +The orville-write port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3100 third-party applications in a ready-to-install +format. The FreeBSD 4.0-RELEASE ports collection is not vulnerable to +this problem. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security audit of +the most security-critical ports. + +III. Impact + +A local user can exploit a buffer overflow in the 'huh' utility to +obtain root privileges. + +If you have not chosen to install the orville-write port/package, then +your system is not vulnerable. + +IV. Workaround + +Remove the orville-write port if you have installed it. + +V. Solution + +Remove the setuid bit from the huh utility, by executing the following +command as root: + +chmod u-s /usr/local/bin/huh + +It is not necessary to reinstall the orville-write port, although this +can be done in one of the following ways if desired: + +1) Upgrade your entire ports collection and rebuild the orville-write port. 
+ +2) Reinstall a new package dated after the correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/misc/orville-write-2.41a.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/misc/orville-write-2.41a.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/misc/orville-write-2.41a.tgz + +Note: it may be several days before the updated packages are available. + +3) download a new port skeleton for the orville-write port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOM/KWlUuHi5z0oilAQHk3AP+PEWNZ95ou8Oyf0nFzgAvjRCc4T060cJf +8qncBFmbWKvl/VHGJnj+u5HPE2LciZb/SdQxH0Ibuvm45hjt7umRrNcHQABmhtYV +9kG2k2cG+w9QtPnWQUtk7UDAQ2nmbyvQBsUJI+wrILoTHaKU1nLBivzzQbZPX9Nr +YTNtkrInpV0= +=c84W +-----END PGP SIGNATURE----- |
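Review bot: The new file is a clear-signed message, from the "-----BEGIN PGP SIGNED MESSAGE-----" line at the top of the hunk to the signature block at its end, so the import is only useful to mirrors if the bytes between those markers are exactly what was signed. Please confirm that the signature still verifies on the checked-out copy and that the repository applies no line-ending conversion or other rewriting to files under share/security/advisories/, since any such change invalidates the signature without changing the visible text. For the same reason, the inconsistencies inside the advisory body (for example, "3) download" in lowercase next to the capitalised items 1, 2 and 4, and section III naming a buffer overflow that section II does not describe) should be left as they are rather than tidied in a follow-up. A smaller point on the diff header: the path FreeBSD-SA-00:10.orville-write.asc contains a colon, which some filesystems reject in file names and which may need escaping when the file is linked by relative URL; since the commit message says the symlinks are still missing, it would help to note how those names will be handled when they are added.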