diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-00:40.mopd.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-00:40.mopd.asc | 98 |
1 files changed, 0 insertions, 98 deletions
diff --git a/share/security/advisories/FreeBSD-SA-00:40.mopd.asc b/share/security/advisories/FreeBSD-SA-00:40.mopd.asc deleted file mode 100644 index de83429e7c..0000000000 --- a/share/security/advisories/FreeBSD-SA-00:40.mopd.asc +++ /dev/null @@ -1,98 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- - -============================================================================= -FreeBSD-SA-00:40 Security Advisory - FreeBSD, Inc. - -Topic: mopd port allows remote root compromise - -Category: ports -Module: mopd -Announced: 2000-08-28 -Credits: Matt Power <mhpower@MIT.EDU>, OpenBSD -Affects: Ports collection prior to the correction date. -Corrected: 2000-08-09 -Vendor status: Contacted -FreeBSD only: NO - -I. Background - -mopd is used for netbooting older DEC machines such as VAXen and -DECstations. - -II. Problem Description - -The mopd port contains several remotely exploitable -vulnerabilities. An attacker exploiting these can execute arbitrary -code on the local machine as root. - -The mopd port is not installed by default, nor is it "part of FreeBSD" -as such: it is part of the FreeBSD ports collection, which contains -over 3700 third-party applications in a ready-to-install format. The -ports collections shipped with FreeBSD 3.5-RELEASE and 4.1-RELEASE -contain this problem, since it was discovered after the releases. - -FreeBSD makes no claim about the security of these third-party -applications, although an effort is underway to provide a security -audit of the most security-critical ports. - -III. Impact - -Remote users can execute arbitrary code on the local machine as root. - -If you have not chosen to install the mopd port/package, then your -system is not vulnerable to this problem. - -IV. Workaround - -One of the following: - -1) Deinstall the mopd port/package, if you have installed it. - -2) Restrict access to the mopd port using a perimeter firewall, or -ipfw(8)/ipf(8) on the local machine. Note that users who pass these -access restrictions may still exploit the vulnerability. - -V. Solution - -One of the following: - -1) Upgrade your entire ports collection and rebuild the mopd port. - -2) Deinstall the old package and install a new package dated after the -correction date, obtained from: - -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mopd-1.2b.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/mopd-1.2b.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/mopd-1.2b.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/mopd-1.2b.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/mopd-1.2b.tgz - -NOTE: Be sure to check the file creation date on the package, because -the version number of the software has not changed. - -3) download a new port skeleton for the mopd port from: - -http://www.freebsd.org/ports/ - -and use it to rebuild the port. - -4) Use the portcheckout utility to automate option (3) above. The -portcheckout port is available in /usr/ports/devel/portcheckout or the -package can be obtained from: - -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz - ------BEGIN PGP SIGNATURE----- -Version: 2.6.2 - -iQCVAwUBOaqy6FUuHi5z0oilAQG14gQAn9RVxulK3pIyHi3aQ5j9p0OnlOoP9Wg2 -yKEPARafL+WXHS1oJ+5ZGdhUG2rZjU1QktS0xTy5PXSo0mcX91jLJ7ASwg6K5w2e -rpZMBRHZVFy3HltzFxwygZGGbENIbZNzZ9Qd9Luq/OPPxZzb/9NsHnUovk5/lyIE -yCAt/USxiDs= -=tlfC ------END PGP SIGNATURE----- |