Diffstat (limited to 'share/security/advisories/FreeBSD-SA-02:01.pkg_add.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-02:01.pkg_add.asc | 108 |
1 files changed, 0 insertions, 108 deletions
diff --git a/share/security/advisories/FreeBSD-SA-02:01.pkg_add.asc b/share/security/advisories/FreeBSD-SA-02:01.pkg_add.asc deleted file mode 100644 index eb22d75ff9..0000000000 --- a/share/security/advisories/FreeBSD-SA-02:01.pkg_add.asc +++ /dev/null 
@@ -1,108 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- - -============================================================================= -FreeBSD-SA-02:01 Security Advisory - FreeBSD, Inc. - -Topic: Directory permission vulnerability in pkg_add [REVISED] - -Category: core -Module: pkg_install -Announced: 2002-01-04 -Revised: 2002-01-07 -Credits: The Anarcat <anarcat@anarcat.dyndns.org> -Affects: All versions of FreeBSD prior to the correction date. -Corrected: 2001/11/22 17:40:36 UTC (4.4-STABLE aka RELENG_4) - 2001/12/07 20:58:46 UTC (4.4-RELEASEp1 aka RELENG_4_4) - 2001/12/07 20:57:19 UTC (4.3-RELEASEp21 aka RELENG_4_3) -FreeBSD only: NO - -0. Revision History - -v1.0 2002-01-04 Initial release -v1.1 2002-01-07 Correct terminology in problem description. - -I. Background - -pkg_add is a utility program used to install software package -distributions on FreeBSD systems. - -II. Problem Description - -pkg_add extracts the contents of the package to a temporary directory, -then moves files from the temporary directory to their ultimate -destination on the system. The temporary directory used in the -extraction was created with world-searchable permissions, allowing -arbitrary users to examine the contents of the package as it was -being extracted. This might allow users to attack world-writable -parts of the package during installation. - -III. Impact - -A local attacker may be able to modify the package contents and -potentially elevate privileges or otherwise compromise the system. -There are no known exploits as of the date of this advisory. - -IV. Workaround - -1) Remove or discontinue use of the pkg_add binary until it has -been upgraded. - -2) When running pkg_add, create a secure temporary directory (such -as /var/tmp/inst) and secure the directory permissions (chmod 700 -/var/tmp/inst). Set the TMPDIR environment variable to this -directory before running pkg_add. - -V. 
Solution - -1) Upgrade your vulnerable FreeBSD system to 4.4-STABLE, or the -RELENG_4_4 or RELENG_4_3 security branches dated after the respective -correction dates. - -2) FreeBSD 4.x systems prior to the correction date: - -The following patch has been verified to apply to FreeBSD 4.3-RELEASE, -4.4-RELEASE, and 4-STABLE dated prior to the correction date. This -patch may or may not apply to older, unsupported releases of FreeBSD. - -Download the patch and the detached PGP signature from the following -locations, and verify the signature using your PGP utility. - -ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/pkg_add.patch -ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/pkg_add.patch.asc - -Execute the following commands as root: - -# cd /usr/src -# patch -p < /path/to/patch -# cd /usr/src/usr.sbin/pkg_install -# make depend && make all install - -VI. Correction details - -The following list contains the $FreeBSD$ revision numbers of each -file that was corrected in the FreeBSD source - -Path Revision - Branch -- ------------------------------------------------------------------------- -src/usr.sbin/pkg_install/lib/pen.c - HEAD 1.37 - RELENG_4 1.31.2.6 - RELENG_4_4 1.31.2.2.2.1 - RELENG_4_3 1.31.2.1.2.1 -- ------------------------------------------------------------------------- - -VII. References - -<URL:http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32172> ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.0.6 (FreeBSD) -Comment: For info see http://www.gnupg.org - -iQCVAwUBPDnE7VUuHi5z0oilAQHc3AP+IVLft31MShGngUPRQOQRHsNPjdqwdacj -ptKjsMfGCpDRyqgIc8CoaI/Bln6VKkKS3HuOYx4pYOPY5QjBPy9JpPSJrAxP/H/N -424apgpo2eCmGcoIbCdM2RH1YYyKZANzt5igWNss1FbppvYbVwx+zZPBA4dyl9MZ -8rat83zoMAc= -=g74K ------END PGP SIGNATURE----- |
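Review bot: the deletion leaves no pointer to where FreeBSD-SA-02:01 is now published; the diffstat reports 0 insertions, so nothing in this change replaces the advisory, and the only external locations the removed text itself names are the ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/ patch URLs and the query-pr.cgi?pr=32172 reference. Suggest the commit record the advisory's new canonical location, or that share/security/advisories gain a short note saying where the historical advisories moved, so existing links into this path do not simply dangle. Since the file is a complete PGP-signed message (BEGIN PGP SIGNED MESSAGE through the =g74K checksum line), any relocated copy should be moved byte-for-byte rather than re-wrapped, otherwise the detached signature will no longer verify against the text.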