Date:      Tue, 10 Jul 2001 18:18:36 -0400 (EDT)
From:      Joe Oliveiro <joe@advancewebhosting.com>
To:        Jason DiCioccio <jdicioccio@epylon.com>
Cc:        "'Mike Tancsa'" <mike@sentex.net>, security@FreeBSD.ORG
Subject:   RE: FreeBSD Security Advisory FreeBSD-SA-01:
Message-ID:  <Pine.BSF.4.21.0107101818220.81390-100000@joe.pythonvideo.com>
In-Reply-To: <657B20E93E93D4118F9700D0B73CE3EA02FFEFA3@goofy.epylon.lan>

But like it says, it's only if you have untrusted users on your box.

On Tue, 10 Jul 2001, Jason DiCioccio wrote:

>  
> 
> Yes, I just exploited it with the exploit posted to bugtraq, it is
> trivial.. the only way I have found to temporarily stop stupid script
> kiddies while I upgrade is:
> 
> touch /tmp/sh
> chmod 0 /tmp/sh
> 
> I'd upgrade real soon..
> 
> Cheers,
> -JD-
> 
> -----Original Message-----
> From: Mike Tancsa [mailto:mike@sentex.net]
> Sent: Tuesday, July 10, 2001 9:25 AM
> To: security@freebsd.org
> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:
> 
> 
> 
> Does anyone know if there are active exploits out there for this
> issue? Is it a trivial / script kiddie friendly hole? Just trying to
> get a sense of how urgent it is to upgrade.
> 
>          ---Mike
> 
> 
> At 07:02 AM 7/10/01 -0700, FreeBSD Security Advisories wrote:
> >
> >=============================================================================
> >FreeBSD-SA-01:42                                            Security Advisory
> >                                                                FreeBSD, Inc.
> >
> >Topic:          signal handling during exec may allow local root
> >                 compromise
> >
> >Category:       core
> >Module:         kernel
> >Announced:      2001-07-10
> >Credits:        Georgi Guninski <guninski@guninski.com>
> >Affects:        All released versions of FreeBSD 4.x,
> >                 FreeBSD 4.3-STABLE prior to the correction date.
> >Corrected:      2001-07-09
> >FreeBSD only:   Yes
> >
> >I.   Background
> >
> >When a process forks, it inherits the parent's signals.  When the
> >process execs, the kernel clears the signal handlers because they
> >are not valid in the new address space.
> >
> >II.  Problem Description
> >
> >A flaw exists in FreeBSD signal handler clearing that would allow
> >for some signal handlers to remain in effect after the exec.  Most
> >of the signals were cleared, but some signal handlers were not.
> >This allowed an attacker to execute arbitrary code in the context of
> >a setuid binary.
> >
> >All versions of 4.x prior to the correction date, including
> >4.3-RELEASE are vulnerable to this problem.  The problem has been
> >corrected by copying the inherited signal handlers and resetting the
> >signals instead of sharing the signal handlers.
> >
> >III. Impact
> >
> >Local users may be able to gain increased privileges on the local
> >system.
> >
> >IV.  Workaround
> >
> >Do not allow untrusted users to gain access to the local system.
> >
> >V.   Solution
> >
> >One of the following:
> >
> >1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE after the
> >correction date.
> >
> >2) To patch your present system: download the relevant patch from
> >the below location, and execute the following commands as root:
> >
> >[FreeBSD 4.1, 4.2, and 4.3 base systems]
> >
> >This patch has been verified to apply to FreeBSD 4.1, 4.2, and 4.3
> >only. It may or may not apply to older releases.
> >
> ># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:42/signal-4.3.patch
> ># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:42/signal-4.3.patch.asc
> >
> >Verify the detached PGP signature using your PGP utility.
> >
> ># cd /usr/src/sys/kern
> ># patch -p < /path/to/patch
> >
> >[ Recompile your kernel as described in
> >http://www.freebsd.org/handbook/kernelconfig.html and reboot the
> >system ]
> >
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-security" in the body of the message
> 
> 

