FreeBSD eject Buffer Overflow Vulnerability
BID:1686
Info
FreeBSD eject Buffer Overflow Vulnerability
| Bugtraq ID: | 1686 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-0852 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 13 2000 12:00AM |
| Updated: | Jul 12 2007 11:27PM |
| Credit: | This vulnerability was reported to bugtraq in advisory FreeBSD-SA-00:49 dated September 13, 2000. |
| Vulnerable: |
FreeBSD FreeBSD 5.0 alpha FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 4.0 FreeBSD FreeBSD 3.0 |
| Not Vulnerable: | |
Discussion
FreeBSD eject Buffer Overflow Vulnerability
The eject utility is for ejecting the media from a CD or optical disk drive. The utility contains several exploitable buffers which, upon overflow, can confer root privilege to local users.
The eject utility is for ejecting the media from a CD or optical disk drive. The utility contains several exploitable buffers which, upon overflow, can confer root privilege to local users.
Exploit / POC
FreeBSD eject Buffer Overflow Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
FreeBSD eject Buffer Overflow Vulnerability
Solution:
One of the following (exerpted from the FreeBSD advisory):
1) Upgrade your entire ports collection and rebuild the eject port.
2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/eject-1.4.tgz
NOTE: Be sure to check the file creation date on the package, because
the version number of the software has not changed.
3) download a new port skeleton for the eject port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
Solution:
One of the following (exerpted from the FreeBSD advisory):
1) Upgrade your entire ports collection and rebuild the eject port.
2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/eject-1.4.tgz
NOTE: Be sure to check the file creation date on the package, because
the version number of the software has not changed.
3) download a new port skeleton for the eject port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz