aboutsummaryrefslogtreecommitdiff
path: root/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc
diff options
context:
space:
mode:
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-00:10.orville-write.asc')
-rw-r--r--share/security/advisories/FreeBSD-SA-00:10.orville-write.asc90
1 files changed, 90 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc b/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc
new file mode 100644
index 0000000000..70bf197319
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc
@@ -0,0 +1,90 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:10 Security Advisory
+ FreeBSD, Inc.
+
+Topic: orville-write port contains local root compromise.
+
+Category: ports
+Module: orville-write
+Announced: 2000-03-15
+Affects: Ports collection before the correction date.
+Corrected: 2000-03-09
+FreeBSD only: Yes
+
+I. Background
+
+Orville-write is a replacement for the write(1) command, which
+provides improved control over message delivery and other features.
+
+II. Problem Description
+
+One of the commands installed by the port is incorrectly installed
+with setuid root permissions. The 'huh' command should not have any
+special privileges since it is intended to be run by the local user to
+view his saved messages.
+
+The orville-write port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3100 third-party applications in a ready-to-install
+format. The FreeBSD 4.0-RELEASE ports collection is not vulnerable to
+this problem.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security audit of
+the most security-critical ports.
+
+III. Impact
+
+A local user can exploit a buffer overflow in the 'huh' utility to
+obtain root privileges.
+
+If you have not chosen to install the orville-write port/package, then
+your system is not vulnerable.
+
+IV. Workaround
+
+Remove the orville-write port if you have installed it.
+
+V. Solution
+
+Remove the setuid bit from the huh utility, by executing the following
+command as root:
+
+chmod u-s /usr/local/bin/huh
+
+It is not necessary to reinstall the orville-write port, although this
+can be done in one of the following ways if desired:
+
+1) Upgrade your entire ports collection and rebuild the orville-write port.
+
+2) Reinstall a new package dated after the correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/misc/orville-write-2.41a.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/misc/orville-write-2.41a.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/misc/orville-write-2.41a.tgz
+
+Note: it may be several days before the updated packages are available.
+
+3) download a new port skeleton for the orville-write port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOM/KWlUuHi5z0oilAQHk3AP+PEWNZ95ou8Oyf0nFzgAvjRCc4T060cJf
+8qncBFmbWKvl/VHGJnj+u5HPE2LciZb/SdQxH0Ibuvm45hjt7umRrNcHQABmhtYV
+9kG2k2cG+w9QtPnWQUtk7UDAQ2nmbyvQBsUJI+wrILoTHaKU1nLBivzzQbZPX9Nr
+YTNtkrInpV0=
+=c84W
+-----END PGP SIGNATURE-----
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-16 17:24:45 +0000