FreeBSD libmytinfo Buffer Overflow Vulnerability
BID:1185
Info
| Bugtraq ID: | 1185 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 09 1990 12:00AM |
| Updated: | May 09 1990 12:00AM |
| Credit: | This vulnerability was posted in the form of an advisory to the Bugtraq mailing list on Tue, 9 May 2000 by the FreeBSD Security Officer <[email protected]>. |
| Vulnerable: | FreeBSD FreeBSD 3.4; FreeBSD FreeBSD 3.3; FreeBSD FreeBSD 3.2; FreeBSD FreeBSD 3.1; FreeBSD FreeBSD 3.0 |
| Not Vulnerable: | FreeBSD FreeBSD 5.0 alpha; FreeBSD FreeBSD 5.0; FreeBSD FreeBSD 4.0 alpha; FreeBSD FreeBSD 4.0 |
Discussion
libmytinfo is a library used in FreeBSD which allows users to specify alternate termcap files or entries via the TERMCAP environment variable. The library does not check bounds on this user-supplied data and is therefore vulnerable to a buffer overflow. Programs which link against this library and are setuid/setgid could be exploited to elevate privileges, up to and possibly including root.
This problem is not believed to affect any base binaries in the FreeBSD system; rather, it is thought that this affects only ports. However, this may prove to be incorrect over time.
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
The same patch is listed for each of the following releases:
FreeBSD FreeBSD 3.0
FreeBSD FreeBSD 3.1
FreeBSD FreeBSD 3.2
FreeBSD FreeBSD 3.3
FreeBSD FreeBSD 3.4
-
FreeBSD FreeBSD libmytinfo Patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:17/libmytinfo.patch
A tool is also available which checks for binaries that are linked against libmytinfo. The URL for this tool is: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:17/libfind.sh
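A check in the spirit of the tool mentioned above, as an added example that is not the FreeBSD libfind.sh script or any code from the advisory: it lists setuid/setgid executables whose ldd output names libmytinfo. The function names, the sample library version and addresses, and the directories passed on the command line are assumptions.

```sh
#!/bin/sh
# Added example (not FreeBSD's libfind.sh): report setuid/setgid executables
# that are dynamically linked against libmytinfo.

# Constructed ldd(1)-style sample; library versions and addresses are made up.
SAMPLE_LDD='	libmytinfo.so.2 => /usr/lib/libmytinfo.so.2 (0x2806b000)
	libc.so.3 => /usr/lib/libc.so.3 (0x28078000)'

# links_mytinfo: read ldd-style output on stdin; succeed (exit 0) if any
# dependency is a libmytinfo shared object. The anchors keep look-alike
# names such as "notlibmytinfo.so" from matching.
links_mytinfo() {
    grep -Eq '(^|[[:space:]/])libmytinfo\.so(\.[0-9]+)*([[:space:]]|$)'
}

# scan_privileged DIR...: print every setuid or setgid regular file under
# the given directories whose dynamic dependencies include libmytinfo.
# ldd only sees dynamic linkage, so a statically linked copy of the
# library is not detected by this check.
scan_privileged() {
    find "$@" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r bin; do
        if ldd "$bin" 2>/dev/null | links_mytinfo; then
            printf '%s\n' "$bin"
        fi
    done
}

# Stand-alone use (directories are examples): sh scan.sh /usr/bin /usr/local/bin
if [ "$#" -gt 0 ]; then
    scan_privileged "$@"
fi
```

Binaries it reports are the ones to rebuild against the patched library or to strip of their setuid/setgid bits until they are rebuilt.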