-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:22 Security Advisory FreeBSD, Inc. Topic: dc20ctrl port contains a locally exploitable buffer overflow yielding gid dialer Category: ports Module: dc20ctrl Announced: 2001-02-07 Credits: Found during internal auditing Affects: Ports collection prior to the correction date. Corrected: 2001-02-07 Vendor status: Vendor notified FreeBSD only: No I. Background dc20ctrl is a program to control Kodak DC20 digital cameras. II. Problem Description The dc20ctrl port, versions prior to 0.4_1, contains a locally exploitable buffer overflow. Because the dc20ctrl program is also setgid dialer, unprivileged local users may gain gid dialer on the local system. This may allow the users to gain unauthorized access to the serial port devices. The dc20ctrl port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 4500 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this problem since it was discovered after the releases. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact Unprivileged local users may gain increased privileges on the local system including potentially unauthorized access to the serial port devices. If you have not chosen to install the dc20ctrl port/package, then your system is not vulnerable to this problem. IV. Workaround Deinstall the dc20ctrl port/package, if you have installed it. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the dc20ctrl port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from: [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/graphics/dc20ctrl-0.4_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics/dc20ctrl-0.4_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/graphics/dc20ctrl-0.4_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/graphics/dc20ctrl-0.4_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/graphics/dc20ctrl-0.4_1.tgz NOTE: it may be several days before updated packages are available. [alpha] Packages are not automatically generated for the alpha architecture at this time due to lack of build resources. 3) download a new port skeleton for the dc20ctrl from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOoGyClUuHi5z0oilAQFzvgP/fhW32mvqDBlqUodUFjjWYmRaLJmaU3Wi zNm5C/eb36jA9auvmZv9lE4UOlkPng1Kvhg8z0cSvWzhEUNk9IAdklvGsGXhvN/I rjJHdVG6qSFmmsfSrlQwwfNqbhivPITM7Iv2xH0WPLoaStvMnFFmm4bERPJ/4hAq 8O9ZKoRXqyA= =J8Ao -----END PGP SIGNATURE-----