diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-00:80.halflifeserver.asc')
| -rw-r--r-- | share/security/advisories/FreeBSD-SA-00:80.halflifeserver.asc | 84 |
1 files changed, 0 insertions, 84 deletions
diff --git a/share/security/advisories/FreeBSD-SA-00:80.halflifeserver.asc b/share/security/advisories/FreeBSD-SA-00:80.halflifeserver.asc deleted file mode 100644 index 29b10472e1..0000000000 --- a/share/security/advisories/FreeBSD-SA-00:80.halflifeserver.asc +++ /dev/null @@ -1,84 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- - -============================================================================= -FreeBSD-SA-00:80 Security Advisory - FreeBSD, Inc. - -Topic: halflifeserver allows remote code execution - -Category: ports -Module: halflifeserver -Announced: 2000-12-20 -Credits: Mark Cooper -Affects: Ports collection prior to the correction date. -Corrected: 2000-11-29 -Vendor status: Updated version released -FreeBSD only: NO - -I. Background - -halflifeserver is a dedicated server for hosting Half-Life games. - -II. Problem Description - -The halflifeserver port, versions prior to 3.1.0.4, contains local and -remote vulnerabilities through buffer overflows and format string -vulnerabilities. These vulnerabilities may allow remote users to -execute arbitrary code as the user running halflifeserver. - -The halflifeserver port is not installed by default, nor is it "part -of FreeBSD" as such: it is part of the FreeBSD ports collection, which -contains over 4200 third-party applications in a ready-to-install -format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 -contain this problem since it was discovered after the releases. - -FreeBSD makes no claim about the security of these third-party -applications, although an effort is underway to provide a security -audit of the most security-critical ports. - -III. Impact - -Malicious remote users may execute arbitrary code as the user running -the halflifeserver software. - -If you have not chosen to install the halflifeserver port/package, -then your system is not vulnerable to this problem. - -IV. Workaround - -Deinstall the halflifeserver port/package, if you have installed it. - -V. Solution - -One of the following: - -1) Upgrade your entire ports collection and rebuild the halflifeserver -port. - -2) download a new port skeleton for the halflifeserver port from: - -http://www.freebsd.org/ports/ - -and use it to rebuild the port. Due to license restrictions no binary -package is provided for the halflifeserver port. - -3) Use the portcheckout utility to automate option (2) above. The -portcheckout port is available in /usr/ports/devel/portcheckout or the -package can be obtained from: - -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz - ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.0.4 (FreeBSD) -Comment: For info see http://www.gnupg.org - -iQCVAwUBOkDIQVUuHi5z0oilAQGcqQQApE+76gPjqdkQf9TvbGBThPxcSocU8F+N -GHiBPzkrgVHqCLYee0sywsQ4KRg2awuq+sP6EcqLTfaIGLZqPgS4xNZ6gqOrrgLP -wxvGdtlqgad5lXLEvs1uYwBmj+lTNteYWy6KC04za2rLHYdkZce21kyj+6preXZs -trAQ2uVDvsM= -=s4GT ------END PGP SIGNATURE----- |