diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-02:02.pw.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-02:02.pw.asc | 97 |
1 files changed, 0 insertions, 97 deletions
diff --git a/share/security/advisories/FreeBSD-SA-02:02.pw.asc b/share/security/advisories/FreeBSD-SA-02:02.pw.asc deleted file mode 100644 index 2a5c1bf259..0000000000 --- a/share/security/advisories/FreeBSD-SA-02:02.pw.asc +++ /dev/null @@ -1,97 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- - -============================================================================= -FreeBSD-SA-02:02 Security Advisory - FreeBSD, Inc. - -Topic: pw(8) race condition may allow disclosure of master.passwd - -Category: core -Module: pw -Announced: 2002-01-04 -Credits: ryan beasley <ryanb@goddamnbastard.org> -Affects: All releases prior to 4.5-RELEASE, - 4.4-STABLE prior to the correction date -Corrected: 2001-12-21 15:21:32 UTC (4.4-STABLE aka RELENG_4) - 2001-12-21 15:22:55 UTC (4.4-RELEASEp1 aka RELENG_4_4) - 2001-12-21 15:23:04 UTC (4.3-RELEASEp21 aka RELENG_4_3) -FreeBSD only: YES - -I. Background - -The pw(8) utility is used to create, remove, modify, and display system -users and groups. - -II. Problem Description - -When creating, removing, or modifying system users, the pw utility -modifies the system password file `/etc/master.passwd'. This file -contains the users' encrypted passwords and is normally only readable -by root. During the modification, a temporary copy of the file is -created. However, this temporary file is mistakenly created with -permissions that allow it to be read by any user. - -III. Impact - -A local attacker can read the temporary file created by pw(8) and -use the encrypted passwords to conduct an off-line dictionary attack. -A successful attack would result in the recovery of one or more -passwords. Because the temporary file is short-lived (it is removed -almost immediately after creation), this can be difficult to exploit: -an attacker must `race' to read the file before it is removed. - -IV. Workaround - -1) Do not use pw(8) to create, remove, or modify system users. - -V. Solution - -One of the following: - -1) Upgrade your vulnerable FreeBSD system to 4-STABLE (RELENG_4), the -4.4-RELEASE security-fix branch (RELENG_4_4), or the 4.3-RELEASE -security-fix branch (RELENG_4_3), dated after the correction date. - -2) FreeBSD 4.x systems prior to the correction date: - -The following patch has been verified to apply to FreeBSD 4.3-RELEASE, -4.4-RELEASE, and 4-STABLE dated prior to the correction date. This -patch may or may not apply to older, unsupported releases of FreeBSD. - -Download the patch and the detached PGP signature from the following -locations, and verify the signature using your PGP utility. - -ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch -ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch.asc - -Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch -# cd /usr/src/usr.sbin/pw -# make depend && make all install - -VI. Correction details - -The following list contains the $FreeBSD$ revision numbers of each -file that was corrected in the FreeBSD source - -Path Revision - Branch -- ------------------------------------------------------------------------- -src/usr.sbin/pw/pwupd.c - HEAD (CURRENT) 1.18 - RELENG_4 (4-STABLE) 1.12.2.4 - RELENG_4_4 (4.4-RELEASE security branch) 1.12.2.3.4.1 - RELENG_4_3 (4.3-RELEASE security branch) 1.12.2.3.2.1 -- ------------------------------------------------------------------------- ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.0.6 (FreeBSD) -Comment: For info see http://www.gnupg.org - -iQCVAwUBPDZOB1UuHi5z0oilAQE/FQP/UjSXBA+ntiemKMpvgQfHkvNFjT/L9VC6 -j1q7yhuM+JKIeQcAiotvEFmnRjZquJaNTvBRa4TSbr9943smZ7w8wC3lzq4aLBSv -e4L1F/uIUx19hyeEDL8FEdE5hqiltFJVa605pNoyLtLBQx9UfYkdfZo9SqFtAIdl -qNU0wX2XJU0= -=g2Uh ------END PGP SIGNATURE----- |