FreeBSD Ports brouted Installation Permission Vulnerability
BID:1629
Info
FreeBSD Ports brouted Installation Permission Vulnerability
| Bugtraq ID: | 1629 |
| Class: | Configuration Error |
| CVE: |
CVE-2000-0752 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 28 2000 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | This vulnerability was made public in a FreeBSD security advisory on August 28, 2000. |
| Vulnerable: |
FreeBSD FreeBSD 5.0 alpha FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 4.1 FreeBSD FreeBSD 4.0 alpha FreeBSD FreeBSD 4.0 FreeBSD FreeBSD 3.5 |
| Not Vulnerable: | |
Discussion
FreeBSD Ports brouted Installation Permission Vulnerability
A vulnerability exists in the FreeBSD ports package for the brouted program. Vulnerable versions of brouted were available in the ports packages for 3.5-RELEASE and 4.1-RELEASE until August 22, 2000. Subsequent installations of the ports package are not vulnerable.
brouted is incorrectly installed with setgid kmem permissions. Versions of the port released prior to August 22, 2000 had buffer overflows in the command line argument handling. This could lead to local users being able to execute arbitrary code with GID kmem permissions. This could be used to elevate privilege to that of root by manipulating kernel memory.
A vulnerability exists in the FreeBSD ports package for the brouted program. Vulnerable versions of brouted were available in the ports packages for 3.5-RELEASE and 4.1-RELEASE until August 22, 2000. Subsequent installations of the ports package are not vulnerable.
brouted is incorrectly installed with setgid kmem permissions. Versions of the port released prior to August 22, 2000 had buffer overflows in the command line argument handling. This could lead to local users being able to execute arbitrary code with GID kmem permissions. This could be used to elevate privilege to that of root by manipulating kernel memory.
Exploit / POC
FreeBSD Ports brouted Installation Permission Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
FreeBSD Ports brouted Installation Permission Vulnerability
Solution:
Versions of the port obtained after August 22, 2000 are not vulnerable. Newer versions of the packages are available for users who have older versions of the ports heirarchy.
FreeBSD FreeBSD 3.5
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 5.0 alpha
Solution:
Versions of the port obtained after August 22, 2000 are not vulnerable. Newer versions of the packages are available for users who have older versions of the ports heirarchy.
FreeBSD FreeBSD 3.5
-
FreeBSD 3.x i386 brouted-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/bro uted-1.2b.tgz
FreeBSD FreeBSD 4.0 alpha
-
FreeBSD 4.x alpha brouted-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-3-stable/net/br outed-1.2b.tgz
FreeBSD FreeBSD 4.0
-
FreeBSD 4.x i386 brouted-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/bro uted-1.2b.tgz
FreeBSD FreeBSD 4.1
-
FreeBSD 4.x i386 brouted-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/bro uted-1.2b.tgz
FreeBSD FreeBSD 5.0
-
FreeBSD 5.x i386 brouted-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/br outed-1.2b.tgz
FreeBSD FreeBSD 5.0 alpha
-
FreeBSD 5.x alpha brouted-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/b routed-1.2b.tgz
References
FreeBSD Ports brouted Installation Permission Vulnerability
References:
References:
- FreeBSD Security Information (FreeBSD)