22 messages in org.freebsd.freebsd-securityRE: FreeBSD Security Advisory FreeBSD...| From | Sent On | Attachments |
|---|---|---|
| FreeBSD Security Advisories | Jul 10, 2001 7:01 am | |
| Mike Tancsa | Jul 10, 2001 7:04 am | |
| Mike Tancsa | Jul 10, 2001 9:24 am | |
| Jason DiCioccio | Jul 10, 2001 9:27 am | |
| Jason DiCioccio | Jul 10, 2001 9:39 am | |
| Alex Popa | Jul 10, 2001 1:46 pm | |
| Przemyslaw Frasunek | Jul 10, 2001 2:09 pm | |
| Alex Popa | Jul 10, 2001 2:09 pm | |
| Christopher Schulte | Jul 10, 2001 2:15 pm | |
| bow | Jul 10, 2001 3:14 pm | |
| Joe Oliveiro | Jul 10, 2001 3:18 pm | |
| Domas Mituzas | Jul 10, 2001 3:44 pm | |
| Dima Dorfman | Jul 10, 2001 6:59 pm | |
| Jacques A. Vidrine | Jul 11, 2001 8:45 am | |
| Kris Kennaway | Jul 11, 2001 11:44 am | |
| Kris Kennaway | Jul 11, 2001 12:05 pm | |
| Kris Kennaway | Jul 11, 2001 12:18 pm | |
| Kris Kennaway | Jul 11, 2001 12:21 pm | |
| Jacques A. Vidrine | Jul 11, 2001 12:29 pm | |
| Kris Kennaway | Jul 11, 2001 12:32 pm | |
| Dima Dorfman | Jul 11, 2001 3:48 pm | |
| Kris Kennaway | Jul 11, 2001 3:58 pm |
| Subject: | RE: FreeBSD Security Advisory FreeBSD-SA-01: | |
|---|---|---|
| From: | Joe Oliveiro (jo...@advancewebhosting.com) | |
| Date: | Jul 10, 2001 3:18:14 pm | |
| List: | org.freebsd.freebsd-security | |
but like it says, its only if you have untrusted users on your box.
On Tue, 10 Jul 2001, Jason DiCioccio wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Yes, I just exploited it with the exploit posted to bugtraq, it is trivial.. the only way I have found to temporarily stop stupid script kiddies while I upgrade is:
touch /tmp/sh chmod 0 /tmp/sh
I'd upgrade real soon..
Cheers, - -JD-
- -----Original Message----- From: Mike Tancsa [mailto:mi...@sentex.net] Sent: Tuesday, July 10, 2001 9:25 AM To: secu...@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:
Does anyone know if there are active exploits out there for this issue ? Is it trivial / script kiddie friendly hole ? Just trying to get a sense of how urgent it is to upgrade.
---Mike
At 07:02 AM 7/10/01 -0700, FreeBSD Security Advisories wrote:
-----BEGIN PGP SIGNED MESSAGE-----
===================================================================== ======== FreeBSD-SA-01:42 Security Advisory
FreeBSD, Inc.
Topic: signal handling during exec may allow local root compromise
Category: core Module: kernel Announced: 2001-07-10 Credits: Georgi Guninski <guni...@guninski.com> Affects: All released versions of FreeBSD 4.x, FreeBSD 4.3-STABLE prior to the correction date. Corrected: 2001-07-09 FreeBSD only: Yes
I. Background
When a process forks, it inherits the parent's signals. When the process execs, the kernel clears the signal handlers because they are not valid in the new address space.
II. Problem Description
A flaw exists in FreeBSD signal handler clearing that would allow for some signal handlers to remain in effect after the exec. Most of the signals were cleared, but some signal hanlders were not. This allowed an attacker to execute arbitrary code in the context of a setuid binary.
All versions of 4.x prior to the correction date including and 4.3-RELEASE are vulnerable to this problem. The problem has been corrected by copying the inherited signal handlers and resetting the signals instead of sharing the signal handlers.
III. Impact
Local users may be able to gain increased privileges on the local system.
IV. Workaround
Do not allow untrusted users to gain access to the local system.
V. Solution
One of the following:
1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE after the correction date.
2) To patch your present system: download the relevant patch from the below location, and execute the following commands as root:
[FreeBSD 4.1, 4.2, and 4.3 base systems]
This patch has been verified to apply to FreeBSD 4.1, 4.2, and 4.3 only. It may or may not apply to older releases.
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:42/signal-4.3.pa tch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:42/signal-4.3.pa tch.asc
Verify the detached PGP signature using your PGP utility.
# cd /usr/src/sys/kern # patch -p < /path/to/patch
[ Recompile your kernel as described in http://www.freebsd.org/handbook/kernelconfig.html and reboot the system ]
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve
iQCVAwUBO0sBrlUuHi5z0oilAQF4nAP/Wi8RsYGjJQ7NgP/+FwMs8/lekAJ9iEan 3Ph7xpsFEhJFWhCfrhmM71fMnOwpZ5kijztSOEko7TMRzTtG+dZLKcCKmVg+a1dT SJmm2SJp3NE1nlYVqSH1vfVeVcJI5rtAQ33gTPhiL5U26AMr4wep/Elv1p/Shb/D CUpueXr6tEE= =n74Z -----END PGP SIGNATURE-----
To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBO0swv1CmU62pemyaEQIRMwCgrtEr+ECiBqG3U2LVyiXr/4qG6d8AniiH Hg2QUoJx7soua+XBKajtExuV =Zw3k -----END PGP SIGNATURE-----
To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message