OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: FreeBSD Security Advisories (security-advisoriesfreebsd.org)
Date: Mon Jan 29 2001 - 15:06:12 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----

    =============================================================================
    FreeBSD-SA-01:12 Security Advisory
                                                                    FreeBSD, Inc.

    Topic: periodic uses insecure temporary files [REVISED]

    Category: core
    Module: periodic
    Announced: 2001-01-29
    Revised: 2001-01-29
    Credits: David Lary <dlarysecureworks.net>
    Affects: FreeBSD 4.1-STABLE after 2000-09-20, 4.1.1-RELEASE,
                    and 4.1.1-STABLE prior to the correction date.
                    No FreeBSD 3.x versions are affected.
    Corrected: 2000-11-11
    FreeBSD only: Yes

    0. Revision History

    v1.0 2001-01-29 Initial release
    v1.1 2001-01-29 Correctly credit original problem reporter

    I. Background

    periodic is a program to run periodic system functions.

    II. Problem Description

    A vulnerability was inadvertently introduced into periodic that caused
    temporary files with insecure file names to be used in the system's
    temporary directory. This may allow a malicious local user to cause
    arbitrary files on the system to be corrupted.

    By default, periodic is normally called by cron for daily, weekly, and
    monthly maintenance. Because these scripts run as root, an attacker
    may potentially corrupt any file on the system.

    FreeBSD 4.1-STABLE after 2000-09-20, 4.1.1-RELEASE, and 4.1.1-STABLE
    prior to the correction date are vulnerable. The problem was
    corrected prior to the release of FreeBSD 4.2.

    III. Impact

    Malicious local users can cause arbitrary files on the system to be
    corrupted.

    IV. Workaround

    Do not allow periodic to be used in untrusted multi-user environments.

    Disable the normal periodic system maintenance scripts by either
    commenting-out or removing the periodic entries in /etc/crontab.

    V. Solution

    One of the following:

    1) Upgrade the vulnerable FreeBSD system to 4.1.1-STABLE after the
    correction date.

    2) Affected FreeBSD 4.x systems prior to the correction date:

    Download the patch and the detached PGP signature from the following
    locations, and verify the signature using your PGP utility.

    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:12/periodic.patch
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:12/periodic.patch.asc

    Execute the following commands as root:

    # cd /usr/src/usr.sbin/periodic
    # patch -p < /path/to/patch
    # make depend && make all install
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.4 (FreeBSD)
    Comment: For info see http://www.gnupg.org

    iQCVAwUBOnXa7lUuHi5z0oilAQHW2AP7BP+YRA93Guy+ImRy1O2IHw/6qYBivSA1
    fpYrTERUyyBHbe04KypWjloHfzvKIZoYApXdleECkVBPMYwNPNixTYVrU4zR4qbC
    EjgtF4OhjLjmO/LqbKPiwDC7TEWWi3OtPWwpJlqT7uNoHmg+o6ySTJPPyrpAFuUQ
    FS8I+DjVESA=
    =wBFp
    -----END PGP SIGNATURE-----

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message