[FUGSPBR] FreeBSD Security Advisory FreeBSD-SA-01:
Vitor de M. Carvalho
bigshot em bigshot.com.br
Ter Jul 10 18:44:34 BRT 2001
Bug reportado na FreeBSD security-advisories
Atenciosamente,
Vitor de M. Carvalho
Also known as/aka/nick "BigShot"
System Network Administrator - SoftInfo
FreeBSD - The Power To Serve
ICQ - 41747397
----- Original Message -----
From: "FreeBSD Security Advisories" <security-advisories em FreeBSD.ORG>
To: "FreeBSD Security Advisories" <security-advisories em FreeBSD.ORG>
Sent: Tuesday, July 10, 2001 11:02 AM
Subject: FreeBSD Security Advisory FreeBSD-SA-01:
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
============================================================================
=
> FreeBSD-SA-01:42 Security
Advisory
> FreeBSD,
Inc.
>
> Topic: signal handling during exec may allow local root
> compromise
>
> Category: core
> Module: kernel
> Announced: 2001-07-10
> Credits: Georgi Guninski <guninski em guninski.com>
> Affects: All released versions of FreeBSD 4.x,
> FreeBSD 4.3-STABLE prior to the correction date.
> Corrected: 2001-07-09
> FreeBSD only: Yes
>
> I. Background
>
> When a process forks, it inherits the parent's signals. When the
> process execs, the kernel clears the signal handlers because they are
> not valid in the new address space.
>
> II. Problem Description
>
> A flaw exists in FreeBSD signal handler clearing that would allow for
> some signal handlers to remain in effect after the exec. Most of the
> signals were cleared, but some signal hanlders were not. This allowed
> an attacker to execute arbitrary code in the context of a setuid
> binary.
>
> All versions of 4.x prior to the correction date including and
> 4.3-RELEASE are vulnerable to this problem. The problem has been
> corrected by copying the inherited signal handlers and resetting the
> signals instead of sharing the signal handlers.
>
> III. Impact
>
> Local users may be able to gain increased privileges on the local
> system.
>
> IV. Workaround
>
> Do not allow untrusted users to gain access to the local system.
>
> V. Solution
>
> One of the following:
>
> 1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE after the
> correction date.
>
> 2) To patch your present system: download the relevant patch from the
> below location, and execute the following commands as root:
>
> [FreeBSD 4.1, 4.2, and 4.3 base systems]
>
> This patch has been verified to apply to FreeBSD 4.1, 4.2, and 4.3 only.
> It may or may not apply to older releases.
>
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:42/signal-4.3.patch
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:42/signal-4.3.patch.asc
>
> Verify the detached PGP signature using your PGP utility.
>
> # cd /usr/src/sys/kern
> # patch -p < /path/to/patch
>
> [ Recompile your kernel as described in
> http://www.freebsd.org/handbook/kernelconfig.html and reboot the
> system ]
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (FreeBSD)
> Comment: FreeBSD: The Power To Serve
>
> iQCVAwUBO0sBrlUuHi5z0oilAQF4nAP/Wi8RsYGjJQ7NgP/+FwMs8/lekAJ9iEan
> 3Ph7xpsFEhJFWhCfrhmM71fMnOwpZ5kijztSOEko7TMRzTtG+dZLKcCKmVg+a1dT
> SJmm2SJp3NE1nlYVqSH1vfVeVcJI5rtAQ33gTPhiL5U26AMr4wep/Elv1p/Shb/D
> CUpueXr6tEE=
> =n74Z
> -----END PGP SIGNATURE-----
>
> This is the moderated mailing list freebsd-announce.
> The list contains announcements of new FreeBSD capabilities,
> important events and project milestones.
> See also the FreeBSD Web pages at http://www.freebsd.org
>
>
> To Unsubscribe: send mail to majordomo em FreeBSD.org
> with "unsubscribe freebsd-announce" in the body of the message
>
----
Para sair da lista envie um e-mail para majordomo em fugspbr.org
com as palavras "unsubscribe fugspbr" no corpo da mensagem.
Mais detalhes sobre a lista de discussão freebsd