Specifications
SAFER – Vol. 3, Issue 6 29 © 2000 The Relay Group
SuSE Security Announcement: mufti
Released May 29, 2000
Affects SuSE Linux 6.1-6.4
Reference http://www.suse.com/
Problem
- The KDE CD player kscd is setgid disk so that it can open the device file of the CDROM. To
perform some actions, kscd invokes the Unix command shell named in the environment variable
SHELL, and that shell runs with the privileges of group disk.
- Because group disk can write directly to the raw HDD device, an adversary who sets SHELL to
a program of his own can gain local root access to the system.
SAFER
- Update the package.
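Added example, not part of the SuSE announcement or of kscd's own code: the unsafe pattern the advisory describes (a setgid program spawning whatever SHELL names) beside a hardened form that drops and verifies the setgid group before spawning anything and ignores a caller-supplied SHELL while any elevated privilege is held. All function names are assumptions of this example.

```c
#define _DEFAULT_SOURCE 1     /* glibc: expose setregid() under strict -std modes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Vulnerable pattern from the advisory: a setgid-disk binary spawns whatever
 * $SHELL names while still holding the elevated gid. Shown for contrast only. */
int spawn_shell_unsafe(void) {
    const char *sh = getenv("SHELL");
    return system(sh ? sh : "/bin/sh");      /* child inherits egid disk */
}

/* 1 if set-user-id or set-group-id is in effect, 0 otherwise. */
int is_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid) {
    return ruid != euid || rgid != egid;
}

/* Honour a user-controlled SHELL only when no extra privilege is held and the
 * value is an absolute path; otherwise fall back to a fixed, trusted binary. */
const char *choose_shell(const char *env_shell, int privileged) {
    if (privileged || env_shell == NULL || env_shell[0] != '/')
        return "/bin/sh";
    return env_shell;
}

/* Permanently drop a setgid privilege. Passing the real gid explicitly as both
 * ids also resets the saved set-gid on Linux and the BSDs, so the group cannot
 * be regained later. Returns 0 only if the drop is verified. */
int drop_group_privs(void) {
    gid_t rgid = getgid();
    if (setregid(rgid, rgid) != 0) return -1;
    if (getegid() != rgid) return -1;        /* never trust the call silently */
    return 0;
}

/* Hardened form: drop the group first, then exec a shell chosen by the rules above. */
int spawn_shell_safe(void) {
    if (drop_group_privs() != 0) return -1;
    int priv = is_privileged(getuid(), geteuid(), getgid(), getegid());
    const char *sh = choose_shell(getenv("SHELL"), priv);
    execl(sh, sh, (char *)NULL);
    return -1;                               /* only reached if exec failed */
}

int main(void) {
    int priv = is_privileged(getuid(), geteuid(), getgid(), getegid());
    printf("shell that would be run: %s\n", choose_shell(getenv("SHELL"), priv));
    return 0;
}
```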
NetBSD Security Advisory 2000-006: /etc/ftpchroot parsing broken in NetBSD-1.4.2
Released May 27, 2000
Affects NetBSD-1.4.2, NetBSD-current between 19990930 and 19991212
Reference http://www.netbsd.org/
Problem
- The chroot(2) system call, short for "change root", restricts a process to accessing only a
subtree of the filesystem.
- /etc/ftpchroot lists users who are allowed to log in via FTP with a password but are chroot'ed
to their home directory, preventing them from reaching files outside it via FTP.
The incorrect fix in 1.4.2 caused the chroot call not to occur, giving these users regular,
unprivileged access to files outside their home directory via FTP.
SAFER
- NetBSD has released patches for affected versions.
NetBSD Security Advisory 2000-005: Local "cpu-hog" denial of service
Released May 27, 2000
Affects NetBSD 1.4, 1.4.1, 1.4.2
Reference http://www.netbsd.org/
Problem
- 4.xBSD kernels are non-preemptive: processes running in user space can be preempted, but
processes running in the kernel must yield the CPU voluntarily. Certain system calls could be
made to run in the kernel for an extended time without yielding (e.g., reads from /dev/zero).
- In addition, the ktrace system-call tracing facility could consume large amounts of kernel
memory when tracing large I/Os.
SAFER
- NetBSD has released patches for affected versions.
NetBSD Security Advisory 2000-004: SysV semaphore denial-of-service
Released May 27, 2000
Affects NetBSD 1.4, 1.4.1, 1.4.2
Reference http://www.netbsd.org/
Problem
- The undocumented semconfig(2) system call is used by ipcs(1) to "freeze" the state of
semaphores so that a self-consistent snapshot can be displayed. However, it can be abused to
lock the semaphore system, preventing all semaphore operations from progressing, and to leave
it locked until the locking process exits.
- The fix is to disable this unnecessary locking; other comparable /dev/kmem-reading programs
such as ps(1) and netstat(1) have never needed this sort of locking.
- Only programs that make use of semaphores are affected by this problem.
SAFER
- NetBSD has released patches for affected versions.