diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-00:49.eject.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-00:49.eject.asc | 94 |
1 files changed, 0 insertions, 94 deletions
diff --git a/share/security/advisories/FreeBSD-SA-00:49.eject.asc b/share/security/advisories/FreeBSD-SA-00:49.eject.asc deleted file mode 100644 index d3f59587a5..0000000000 --- a/share/security/advisories/FreeBSD-SA-00:49.eject.asc +++ /dev/null @@ -1,94 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- - -============================================================================= -FreeBSD-SA-00:49 Security Advisory - FreeBSD, Inc. - -Topic: eject port allows local root exploit - -Category: ports -Module: eject -Announced: 2000-09-13 -Affects: Ports collection. -Corrected: 2000-08-21 -Credits: Discovered during internal auditing -Vendor status: Contacted -FreeBSD only: NO - -I. Background - -Eject is a utility for ejecting the media from a CD or optical disk -drive. - -II. Problem Description - -The eject program is installed setuid root, and contains several -exploitable buffers which can be overflowed by local users, yielding -root privileges. - -The eject port is not installed by default, nor is it "part of -FreeBSD" as such: it is part of the FreeBSD ports collection, which -contains over 3800 third-party applications in a ready-to-install -format. The ports collections shipped with FreeBSD 4.1 and 3.5.1 -contain this problem since it was discovered after the releases. - -FreeBSD makes no claim about the security of these third-party -applications, although an effort is underway to provide a security -audit of the most security-critical ports. - -III. Impact - -Unprivileged users can obtain root privileges on the local system. - -If you have not chosen to install the eject port/package, then your -system is not vulnerable to this problem. - -IV. Workaround - -Deinstall the eject port/package, if you have installed it, or limit -the file permissions on the /usr/local/sbin/eject file (e.g. remove -setuid permission, or limit it to a trusted group) - -V. Solution - -One of the following: - -1) Upgrade your entire ports collection and rebuild the eject port. - -2) Deinstall the old package and install a new package dated after the -correction date, obtained from: - -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/eject-1.4.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/eject-1.4.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/eject-1.4.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/eject-1.4.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/eject-1.4.tgz - -NOTE: Be sure to check the file creation date on the package, because -the version number of the software has not changed. - -3) download a new port skeleton for the eject port from: - -http://www.freebsd.org/ports/ - -and use it to rebuild the port. - -4) Use the portcheckout utility to automate option (3) above. The -portcheckout port is available in /usr/ports/devel/portcheckout or the -package can be obtained from: - -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz - ------BEGIN PGP SIGNATURE----- -Version: 2.6.2 - -iQCVAwUBOb/kCVUuHi5z0oilAQHfygP/d5QizD/ClKWD6MiKke2lspaI4sLTAKAh -QpnrJv2nF7tgK5DV+7X8J9f4dtSLippccwCscsvF8GT8d6RleP3dN0KfDRou/W/d -BVUgj2SfRNvsacbc8SyiaekT8ylne70WcYT93RrJ7vWbxTRXGEnOkbJD1rgDSksP -RLywyeVfI+U= -=G4Dr ------END PGP SIGNATURE----- |