Subject: FreeBSD Security Advisory: FreeBSD-SA-00:13.generic-nqs
From: FreeBSD Security Officer (security-officerFREEBSD.ORG)
Date: Wed Apr 19 2000 - 16:26:38 CDT
FreeBSD-SA-00:13 Security Advisory
Topic: generic-nqs contains a local root compromise
Credits: Philippe Andersson <philippe_anderssonSTE.SCITEX.COM>
Affects: Ports collection before the correction date.
Vendor status: Updated version released.
FreeBSD only: NO
Generic-NQS is a Network Queuing System for batch-processing jobs across
II. Problem Description
Generic-NQS versions 3.50.7 and earlier contain a security vulnerability
which allows a local user to easily obtain root privileges. Unfortunately,
further details of the location and nature of the vulnerability were not
provided by the original poster, upon request of the Generic-NQS
The generic-nqs port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 3200 third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.0 contains this
problem since it was discovered after the release.
FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.
A local user can obtain root privileges by exploiting a vulnerability
in the generic-nqs package.
If you have not chosen to install the generic-nqs port/package, then your
system is not vulnerable to this problem.
Remove the generic-nqs port, if you have installed it.
1) Upgrade your entire ports collection and rebuild the generic-nqs port.
2) Reinstall a new package dated after the correction date, obtained from:
Note that it may be a few days before the updated package is available.
3) Download a new port skeleton for the generic-nqs port from:
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
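Added example, not part of the advisory: a shell check that flags any installed generic-nqs package at or below version 3.50.7, the last version the advisory names as vulnerable. The "name-version [comment]" package list format and the sample list are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the advisory). Assumption: installed packages are
# listed one per line as "name-version [comment]", e.g. from pkg_info.
LAST_VULNERABLE="3.50.7"   # "versions 3.50.7 and earlier" per the advisory

# version_le A B: succeed when dotted numeric version A <= B.
version_le() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*}; y=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        x=${x:-0}; y=${y:-0}          # a missing component counts as 0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 0
}

# classify PKGNAME: print other | unknown | vulnerable | newer
classify() {
    case $1 in
        generic-nqs-*) ver=${1#generic-nqs-} ;;
        *) echo other; return 0 ;;
    esac
    ver=${ver%%[_,]*}                 # drop any revision suffix
    case $ver in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_le "$ver" "$LAST_VULNERABLE"; then echo vulnerable; else echo newer; fi
}

# scan_packages: read a package list on stdin; exit status 1 if any
# generic-nqs entry is vulnerable or has a version that cannot be parsed.
scan_packages() {
    bad=0
    while read -r pkg _comment; do
        status=$(classify "$pkg")
        if [ "$status" = other ]; then continue; fi
        echo "$pkg: $status"
        if [ "$status" != newer ]; then bad=1; fi
    done
    return "$bad"
}

# Constructed sample list, not real output.
SAMPLE='bash-2.03  GNU Bourne Again Shell
generic-nqs-3.50.7  Network queuing system
perl-5.00503  Perl'
printf '%s\n' "$SAMPLE" | scan_packages || echo "remove or rebuild generic-nqs"
```

A result of "newer" reflects only the version string; the advisory's criterion is a port or package dated after the correction date, so confirm that as well.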