Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | FreeBSD releases major package updates (bitchx, canna, wu-ftpd, majordomo, xfree, popper, libedit) |
|---|
Categorie: Software
Posted: 2002-10-13 by Gmtech
Views: 599
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
FreeBSD has releases a few security updates for packages that are supplied with this operating system. The FreeBSD team advise that users upgrade their vulnerable packages as soon as possible.
BitchX:
The bitchx client incorrectly parses string-formatting operators included as part of channel invitation messages sent by remote IRC users. This can cause the local client to crash, and may possibly present the ability to execute arbitrary code as the local user.
(We already reported this vulnerability in a previous article: BitchX Denial of Service vulnerability (Patch released)
Impact:
Remote IRC users can cause the local client to crash, and possibly execute code as the local user.
If you have not chosen to install the bitchx port/package, then your system is not vulnerable to this problem.
Patch:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/bitchx-1.0c16.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/irc/bitchx-1.0c16.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/irc/bitchx-1.0c16.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/bitchx-1.0c16.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/bitchx-1.0c16.tar.gz
Canna:
The Canna server contains an overflowable buffer which may be exploited by a remote user to execute arbitrary code on the local system as user 'bin'.
Impact:
Remote users can run arbitrary code as user 'bin' on the local system. Depending on the local system configuration, the attacker may be able to upgrade privileges further by exploiting local vulnerabilities.
If you have not chosen to install the Canna port/package, then your system is not vulnerable to this problem.
Patch:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/japanese/Canna-3.2.2.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/japanese/Canna-3.2.2.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/japanese/Canna-3.2.2.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/japanese/Canna-3.2.2.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/japanese/Canna-3.2.2.tar.gz
Wu-FTPD:
The wu-ftpd port, versions 2.6.0 and below, contains a vulnerability which allows remote anonymous FTP users to execute arbitrary code as root on the local machine, by inserting string-formatting operators into command input, which are incorrectly parsed by the FTP server.
Impact:
Remote anonymous FTP users can cause arbitrary commands to be executed as root on the local machine.
If you have not chosen to install the wu-ftpd port/package, then your system is not vulnerable to this problem.
Patch:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/wu-ftpd-2.6.0.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/wu-ftpd-2.6.0.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/wu-ftpd-2.6.0.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.0.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/wu-ftpd-2.6.0.tar.gz
Majordomo:
Majordomo contains a number of perl scripts which are executed by a setuid wrapper for providing mailing-list management functionality. However there are numerous weaknesses in these scripts which allow unprivileged users to run arbitrary commands as the majordomo user, as well as obtaining read and write access to the mailing list data.
Impact:
Unprivileged local users can run commands as the 'majordomo' user, including accessing and modifying mailing-list subscription data.
If you have not chosen to install the majordomo port/package, then your system is not vulnerable to this problem.
Workaround:
Uninstall the majordomo port/package, if you have installed it, or limit the permissions of the majordomo/ directory and/or its contents appropriately (see below).
Solution:
Since the vendor has chosen not to fix the various security holes in the default installation of majordomo, there is no simple solution. It may be possible to adequately secure the majordomo installation while retaining required functionality, by tightening the permissions on the /usr/local/majordomo directory and/or its contents, but these actions are not taken by the FreeBSD port and are beyond the scope of this advisory.
Instead it is recommended that majordomo not be used on a system which contains untrusted users, or an alternative mailing-list manager be used. There are several such utilities in the FreeBSD ports collection.
XFree86:
XFree86 4.0 contains a local root vulnerability in the XFree86 server binary, due to incorrect bounds checking of command-line arguments.
The server binary is setuid root, in contrast to previous versions which had a small setuid wrapper which performed (among other things) argument sanitizing.
Impact:
Unprivileged local users can obtain root access.
If you have not chosen to install the XFree86-4 port/package, then your system is not vulnerable to this problem.
Patch:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11/XFree86-4.0.1.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11/XFree86-4.0.1.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11/XFree86-4.0.1.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11/XFree86-4.0.1.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11/XFree86-4.0.1.tar.gz
Popper:
The popper port, version 2.53 and earlier, incorrectly parses string formatting operators included in part of the email message header. A remote attacker can send a malicious email message to a local user which can cause arbitrary code to be executed on the server when a POP client retrieves the message using the UIDL command. The code is executed as the user who is retrieving mail: thus if root reads email via POP3 this can lead to a root compromise.
Impact:
Remote users can cause arbitrary code to be executed as the retrieving user when a POP client retrieves email.
If you have not chosen to install the popper port/package, then your system is not vulnerable to this problem.
Patch:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/popper-2.53.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/popper-2.53.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/popper-2.53.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/popper-2.53.tar.gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/popper-2.53.tar.gz
Libedit:
Libedit is a library of routines for providing command editing and history retrieval for interactive command-oriented programs.
Libedit incorrectly reads an ".editrc" file in the current directory if it exists, in order to specify configurable program behavior. However it does not check for ownership of the file, so an attacker can cause a libedit application to execute arbitrary key rebindings and exercise terminal capabilities by creating an .editrc file in a directory from which another user executes a libedit binary (e.g. root running ftp(1) from /tmp). This can be used to fool the user into unknowingly executing program commands which may compromise system security. For example, ftp(1) includes the ability to escape to a shell and execute a command, which can be done under libedit control.
The supplied patch removes this behavior and causes libedit to only search for its configuration file in the home directory of the user, if it exists and the binary is not running with increased privileges (i.e. setuid or setgid).
FreeBSD 3.5-RELEASE is not affected by this vulnerability, although 4.0-RELEASE is affected since the problem was discovered after it was released.
Impact:
An attacker can cause a user to execute arbitrary commands within a program which is run from a directory to which the attacker has write access, potentially leading to system compromise if run as a privileged user (such as root).
Patch:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:24/libedit.patch
| | Links |
|---|
BitchX Denial of Service vulnerability (Patch released)
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=54
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
