Date:      Wed, 27 Aug 1997 08:37:13 -0500 (CDT)
From:      Guy Helmer <ghelmer@cs.iastate.edu>
To:        Doug White <dwhite@resnet.uoregon.edu>
Cc:        Ricardo Mart{inez Zapata <qrovtas2@acnet.net>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Hi!
Message-ID:  <Pine.HPP.3.96.970827080834.22204B-100000@popeye.cs.iastate.edu>
In-Reply-To: <Pine.BSF.3.96.970826194713.4255G-100000@localhost>

On Tue, 26 Aug 1997, Doug White wrote:

> On Tue, 26 Aug 1997, Ricardo Mart{inez Zapata wrote:
> 
> > Can you help me? I'm trying to know about the security bugs in 
> > FreeBSD 2.2.2.
> 
> Hopefully, there aren't any.  I don't think there are any major root
> accesses in the system, AFAIK.  
> 
> There are the usual suspects though, primarily the r* utilities and the
> echo, chargen, and discard programs in /etc/inetd.conf, old versions of
> Sendmail, et al.  

/usr/bin/suidperl on 2.2.2 and prior versions (and, if you have perl 5.003
or prior versions installed, /usr/local/bin/suidperl) contain well-known
buffer overflows.  It is a good thing to turn off the setuid bit on those
two files; ref CERT advisory 97.17
(ftp://info.cert.org/pub/cert_advisories/CA-97.17.sperl).  Fixes for these
are in 2.2-stable for /usr/bin/suidperl and the perl-5.004 package
contains the fix for /usr/local/bin/suidperl.  (I still don't trust
having a suidperl around, though :-) 

A compromise is possible via procfs, so a kernel should be rebuilt with
patches applied or /proc should not be mounted (but that may break ps, w,
and maybe other commands); ref FreeBSD security advisory 97:04
(ftp://freebsd.org/pub/CERT/advisories/FreeBSD-SA-97%3A04.procfs.asc). 
Fixes for this are in 2.2-stable as well. 

echo and chargen denial-of-service issues have been fixed since 2.1, I
believe.  sendmail 8.8.5 is in FreeBSD 2.2.2, and AFAIK doesn't have any
major security problems on a typical FreeBSD installation.

There have been a lot of merges of patches for buffer overflows from
OpenBSD for various setuid programs and privileged daemons, and I believe
someone recently committed additional buffer overflow patches for
/usr/bin/suidperl as well.  I'm fairly certain that these have been merged
into the 2.2-stable tree, so a current 2.2-releng installation or a build
from a cvsup'ed 2.2-stable source tree would be a good way to make sure
one's 2.2 system is completely up-to-date on security patches.

Hope this helps,
Guy Helmer

Guy Helmer, Computer Science Graduate Student - ghelmer@cs.iastate.edu
Iowa State University               http://www.cs.iastate.edu/~ghelmer
Research Assistant, Scalable Computing Laboratory, Ames Laboratory
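
An audit of the items this message names (the setuid bit on the two suidperl paths, enabled echo/chargen/discard entries in /etc/inetd.conf, and a mounted /proc), as an added example that is not part of the original e-mail. The function names and the ROOT prefix argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit the items named in the message above.
# ROOT (first argument) is an assumption of this sketch: a path prefix so the
# checks can be pointed at a mounted image; empty means the live system.

# The two suidperl paths given in the message.
SUIDPERL_PATHS="/usr/bin/suidperl /usr/local/bin/suidperl"

# Print each suidperl path under ROOT that still has the setuid bit set.
setuid_suidperl() {
    root=$1
    for p in $SUIDPERL_PATHS; do
        if [ -f "$root$p" ] && [ -u "$root$p" ]; then
            echo "$p"
        fi
    done
}

# Print enabled (uncommented) echo/chargen/discard entries of inetd.conf
# as service/protocol. Fields: service, socket type, protocol, ...
inetd_small_services() {
    conf=$1/etc/inetd.conf
    [ -r "$conf" ] || return 0
    awk '$1 ~ /^(echo|chargen|discard)$/ { print $1 "/" $3 }' "$conf"
}

# Read `mount` output on stdin; succeed if something is mounted on /proc.
procfs_mounted() {
    awk '$2 == "on" && $3 == "/proc" { f = 1 } END { exit !f }'
}

audit() {
    root=$1
    for p in $(setuid_suidperl "$root"); do
        echo "FINDING: $p is setuid; clear it with: chmod u-s $p"
    done
    for s in $(inetd_small_services "$root"); do
        echo "FINDING: inetd service $s is enabled"
    done
    if mount 2>/dev/null | procfs_mounted; then
        echo "NOTE: /proc is mounted; see FreeBSD-SA-97:04"
    fi
}

audit "${1:-}"
```

The /proc check always looks at the running system's mount table, whatever ROOT is.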



