Date: Wed, 01 Oct 2003 19:01:00 +0200
From: Oliver Eikemeier <eikemeier@fillmore-labs.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: Frederick Anthony Nicholas Finch <fanf@FreeBSD.org>
Subject: ports/57470: [SECURITY] port sysutils/cfengine2: remote root exploit
Message-ID: <3F7B084C.4090808@fillmore-labs.com>
Resent-Message-ID: <200310011710.h91HAFor049577@freefall.freebsd.org>

>Number:         57470
>Category:       ports
>Synopsis:       [SECURITY] port sysutils/cfengine2: remote root exploit
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 01 10:10:15 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Oliver Eikemeier
>Release:        FreeBSD 4.8-STABLE i386
>Organization:
Fillmore Labs - http://www.fillmore-labs.com
>Environment:
System: FreeBSD nuuk.fillmore-labs.com 4.8-STABLE

>Description:
cfengine < 2.0.8 seems to be vulnerable to a remote root exploit.
Port sysutils/cfengine2 has version 2.0.3, the port is part of the
upcoming 4.9 release.

The FreeBSD Security Officer Team was notified on September 30th, 2003.

>How-To-Repeat:
Advisories:
  http://www.securityfocus.com/archive/1/339083
  http://packetstormsecurity.nl/0309-advisories/cfengine.txt
  http://www.securityfocus.com/bid/8699/
  http://mail.gnu.org/archive/html/bug-cfengine/2003-08/msg00014.html

Exploit:
  http://www.securityfocus.com/archive/1/339492 (Red Hat)

>Fix:
PR 56710 has an update to version 2.0.8p1, which is not vulnerable.
Otherwise the port should be marked forbidden until it is upgraded.

>Release-Note:
>Audit-Trail:
>Unformatted: