BID:2378

Elvis Local Root Compromise Vulnerability

Info

Elvis Local Root Compromise Vulnerability

Bugtraq ID:	2378
Class:	Unknown
CVE:
Remote:	Yes
Local:	Yes
Published:	Feb 07 2001 12:00AM
Updated:	Feb 07 2001 12:00AM
Credit:	Reported to bugtraq by FreeBSD in an advisory dated 7 Feb 2001
Vulnerable:	FreeBSD Elvis 1.8.4 -0 japanese - FreeBSD FreeBSD 4.0 - FreeBSD FreeBSD 3.0 FreeBSD Elvis 1.0 8h2_0 korean - FreeBSD FreeBSD 5.0 - FreeBSD FreeBSD 4.0 - FreeBSD FreeBSD 3.0

Not Vulnerable:	FreeBSD Elvis 1.8.4 -1 japanese - FreeBSD FreeBSD 3.0 FreeBSD Elvis 1.0 8h2_1 korean - FreeBSD FreeBSD 5.0 - FreeBSD FreeBSD 4.0 - FreeBSD FreeBSD 3.0

Discussion

Elvis Local Root Compromise Vulnerability

Certain versions of ja-elvis and ko-helvis (ports of the Elvis editor) contain a local buffer overflow vulnerablity.

Properly exploited, this buffer overflow can allow unprivileged local users to gain root access on the vulnerable host.

Exploit / POC

Elvis Local Root Compromise Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Elvis Local Root Compromise Vulnerability

Solution:
The vendor recommends upgrading to the current packages.

FreeBSD Elvis 1.0 8h2_0 korean

FreeBSD 3 stable i386 korean ko-helvis-1.8h2_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/korean/ ko-helvis-1.8h2_1.tgz

FreeBSD 4 stable alpha korean ko-helvis-1.8h2_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/korean /ko-helvis-1.8h2_1.tgz

FreeBSD 5 current alpha korean ko-helvis-1.8h2_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/korea n/ko-helvis-1.8h2_1.tgz

FreeBSD 5 current i386 ko-helvis-1.8h2_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/korean /ko-helvis-1.8h2_1.tgz

FreeBSD Elvis 1.8.4 -0 japanese

FreeBSD 3 stable i386 japanese ja-elvis-1.8.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/japanes e/ja-elvis-1.8.4_1.tgz

FreeBSD 4 stable alpha japanese ja-elvis-1.8.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/japane se/ja-elvis-1.8.4_1.tgz

FreeBSD 4 stable i386 japanese ja-elvis-1.8.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/japanes e/ja-elvis-1.8.4_1.tgz

FreeBSD 5 current alpha japanese ja-elvis-1.8.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/japan ese/ja-elvis-1.8.4_1.tgz

FreeBSD 5 current i386 japanese ja-elvis-1.8.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/japane se/ja-elvis-1.8.4_1.tgz

References

Elvis Local Root Compromise Vulnerability

References: