diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-96:16.rdist.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-96:16.rdist.asc | 118 |
1 files changed, 0 insertions, 118 deletions
diff --git a/share/security/advisories/FreeBSD-SA-96:16.rdist.asc b/share/security/advisories/FreeBSD-SA-96:16.rdist.asc deleted file mode 100644 index 39a5c76691..0000000000 --- a/share/security/advisories/FreeBSD-SA-96:16.rdist.asc +++ /dev/null @@ -1,118 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- - -============================================================================= -FreeBSD-SA-96:16 Security Advisory -Revised: Fri Jul 12 09:32:53 PDT 1996 FreeBSD, Inc. - -Topic: security vulnerability in rdist - -Category: core -Module: rdist -Announced: 1996-07-12 -Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current -Corrected: 2.1-stable and 2.2-current as of 1996-07-11 -Source: 4.4BSD (lite) -FreeBSD only: no - -Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:16/ -Reference: [8lgm]-Advisory-26.UNIX.rdist.20-3-1996 - -============================================================================= - -I. Background - - A bug was found in the BSD rdist utility which can allow - an unprivileged local user to gain unauthorized access. - This problem is present in all source code and binary - distributions of FreeBSD version 2.x released before 1996-07-12. - - rdist has been the subject of security vulnerabilities in the past. - This is a newly discovered vulnerability not related to previous - race conditions fixed in rdist. - - -II. Problem Description - - rdist creates an error message based on a user provided string, - without checking bounds on the buffer used. This buffer is - on the stack, and can therefore be used to execute arbitrary - instructions. - - -III. Impact - - This vulnerability can allow a local user to obtain superuser - privileges. It may only be exploited by users with a valid - account on the local system. It is present in almost all BSD - derived operating systems with a "setuid" rdist program. - - -IV. Workaround - - The rdist program must be setuid root to function properly. - This vulnerability can be eliminated by making rdist not - executable by unprivileged users. Since this limits the - usefulness of the program, a software update is advised. - - This workaround will work for all versions of FreeBSD affected - by this problem. - - As root, execute the commands: - - # chflags noschg /usr/bin/rdist - # chmod u-s,go-rx /usr/bin/rdist - - then verify that the setuid permissions of the files have been - removed. The permissions array should read "-r-x------" as - shown here: - - # ls -l /usr/bin/rdist - -r-x------ 1 root bin 49152 Jun 16 10:46 rdist - - -V. Solution(s) - - Apply the available via FTP from the patch directory noted - at the top of this message. Recompile, and reinstall the - rdist program. This patch is known to apply to all - FreeBSD 2.x systems, it has not been tested with FreeBSD 1.x. - - The [8lgm] organization correctly points out that this program - does not have a particularly good security "history." While - the patch for this vulnerability does solve this particular - problem, it's not clear if other security issues involving rdist - will appear in the future. - - Administrators should consider whether it is appropriate to - remove the standard rdist program and upgrade to rdist - version 6, which is available as a FreeBSD port. - - FreeBSD, Inc. has not replaced the standard BSD rdist with - the newer code because the new rdist is not protocol-compatible - with the original version. - - -============================================================================= -FreeBSD, Inc. - -Web Site: http://www.freebsd.org/ -Confidential contacts: security-officer@freebsd.org -PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc -Security notifications: security-notifications@freebsd.org -Security public discussion: security@freebsd.org - -Notice: Any patches in this document may not apply cleanly due to - modifications caused by digital signature or mailer software. - Please reference the URL listed at the top of this document - for original copies of all patches if necessary. -============================================================================= - ------BEGIN PGP SIGNATURE----- -Version: 2.6.2 - -iQCVAwUBMeaC1FUuHi5z0oilAQHtzQP/U1f9y0R+upwCs5IFeBCUBVkFWUeJ/Wwb -CJPFmsBr54quI6Aie/LXa/Qw8EdrL54GIiNDZYkAzb9XvWOehOsmtoYN4oj0JAbJ -lesq746xOEfNMtpL866T8dxJRTsK98VMSaZK5IU8fVpVYUURcVDv+y+bqfL72Mst -3ajof2ieNxE= -=j2z5 ------END PGP SIGNATURE----- |