aboutsummaryrefslogtreecommitdiff
path: root/share/security/advisories/FreeBSD-SA-02:02.pw.asc
diff options
context:
space:
mode:
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-02:02.pw.asc')
-rw-r--r--share/security/advisories/FreeBSD-SA-02:02.pw.asc97
1 files changed, 0 insertions, 97 deletions
diff --git a/share/security/advisories/FreeBSD-SA-02:02.pw.asc b/share/security/advisories/FreeBSD-SA-02:02.pw.asc
deleted file mode 100644
index 2a5c1bf259..0000000000
--- a/share/security/advisories/FreeBSD-SA-02:02.pw.asc
+++ /dev/null
@@ -1,97 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-
-=============================================================================
-FreeBSD-SA-02:02 Security Advisory
- FreeBSD, Inc.
-
-Topic: pw(8) race condition may allow disclosure of master.passwd
-
-Category: core
-Module: pw
-Announced: 2002-01-04
-Credits: ryan beasley <ryanb@goddamnbastard.org>
-Affects: All releases prior to 4.5-RELEASE,
- 4.4-STABLE prior to the correction date
-Corrected: 2001-12-21 15:21:32 UTC (4.4-STABLE aka RELENG_4)
- 2001-12-21 15:22:55 UTC (4.4-RELEASEp1 aka RELENG_4_4)
- 2001-12-21 15:23:04 UTC (4.3-RELEASEp21 aka RELENG_4_3)
-FreeBSD only: YES
-
-I. Background
-
-The pw(8) utility is used to create, remove, modify, and display system
-users and groups.
-
-II. Problem Description
-
-When creating, removing, or modifying system users, the pw utility
-modifies the system password file `/etc/master.passwd'. This file
-contains the users' encrypted passwords and is normally only readable
-by root. During the modification, a temporary copy of the file is
-created. However, this temporary file is mistakenly created with
-permissions that allow it to be read by any user.
-
-III. Impact
-
-A local attacker can read the temporary file created by pw(8) and
-use the encrypted passwords to conduct an off-line dictionary attack.
-A successful attack would result in the recovery of one or more
-passwords. Because the temporary file is short-lived (it is removed
-almost immediately after creation), this can be difficult to exploit:
-an attacker must `race' to read the file before it is removed.
-
-IV. Workaround
-
-1) Do not use pw(8) to create, remove, or modify system users.
-
-V. Solution
-
-One of the following:
-
-1) Upgrade your vulnerable FreeBSD system to 4-STABLE (RELENG_4), the
-4.4-RELEASE security-fix branch (RELENG_4_4), or the 4.3-RELEASE
-security-fix branch (RELENG_4_3), dated after the correction date.
-
-2) FreeBSD 4.x systems prior to the correction date:
-
-The following patch has been verified to apply to FreeBSD 4.3-RELEASE,
-4.4-RELEASE, and 4-STABLE dated prior to the correction date. This
-patch may or may not apply to older, unsupported releases of FreeBSD.
-
-Download the patch and the detached PGP signature from the following
-locations, and verify the signature using your PGP utility.
-
-ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch
-ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch.asc
-
-Execute the following commands as root:
-
-# cd /usr/src
-# patch < /path/to/patch
-# cd /usr/src/usr.sbin/pw
-# make depend && make all install
-
-VI. Correction details
-
-The following list contains the $FreeBSD$ revision numbers of each
-file that was corrected in the FreeBSD source
-
-Path Revision
- Branch
-- -------------------------------------------------------------------------
-src/usr.sbin/pw/pwupd.c
- HEAD (CURRENT) 1.18
- RELENG_4 (4-STABLE) 1.12.2.4
- RELENG_4_4 (4.4-RELEASE security branch) 1.12.2.3.4.1
- RELENG_4_3 (4.3-RELEASE security branch) 1.12.2.3.2.1
-- -------------------------------------------------------------------------
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.0.6 (FreeBSD)
-Comment: For info see http://www.gnupg.org
-
-iQCVAwUBPDZOB1UuHi5z0oilAQE/FQP/UjSXBA+ntiemKMpvgQfHkvNFjT/L9VC6
-j1q7yhuM+JKIeQcAiotvEFmnRjZquJaNTvBRa4TSbr9943smZ7w8wC3lzq4aLBSv
-e4L1F/uIUx19hyeEDL8FEdE5hqiltFJVa605pNoyLtLBQx9UfYkdfZo9SqFtAIdl
-qNU0wX2XJU0=
-=g2Uh
------END PGP SIGNATURE-----