Specifications

SAFER – Vol. 3, Issue 6 30 © 2000 The Relay Group
NetBSD Security Advisory 2000-003: Exploitable Vulnerability in Xlockmore
Released May 27, 2000
Affects NetBSD pkgsrc prior to 11th May 2000
Reference http://www.netbsd.org/
Problem
- The xlock program locks an X server until a valid password is entered. The command line option -mode provides a user with a mechanism to change the default display shown when the X server is locked. Xlock is installed with privileges to obtain password information, although these are dropped as early as possible.
- An overflow in the -mode command line option allows a malicious attacker to reveal arbitrary portions of xlock's address space, including the shadow password file.
SAFER
- Upgrade xlockmore to version 4.16.1.
FreeBSD Security Advisory SA-00:20: krb5
Released May 26, 2000
Affects MIT Kerberos 5
Reference http://www.freebsd.org/
Problem
- The MIT Kerberos 5 port, versions 1.1.1 and earlier, contains several remote and local buffer overflows which can lead to root compromise. Note that the implementations of Kerberos shipped in the FreeBSD base system are developed separately from MIT Kerberos and are believed not to be vulnerable to these problems.
- However, a very old release of FreeBSD dating from 1997 (FreeBSD 2.2.5) did ship with a closely
MIT-derived Kerberos implementation ("eBones") and may be vulnerable to attacks of the kind
described here. Any users still using FreeBSD 2.2.5 and who have installed the optional Kerberos
distribution are urged to upgrade to 2.2.8-STABLE or later. Note however that FreeBSD 2.x is no
longer an officially supported version, nor are security fixes always provided.
- Local or remote users can obtain root access on the system running krb5.
SAFER
- Upgrade your entire ports collection and rebuild the krb5 port or download a new port skeleton for
the krb5 port.
FreeBSD Security Advisory SA-00:19: semiconfig
Released May 26, 2000
Affects 386BSD-derived OSes, including all versions of FreeBSD, NetBSD and OpenBSD
Reference http://www.freebsd.org/
Problem
- An undocumented system call is incorrectly exported from the kernel without access-control
checks. This operation causes the acquisition in the kernel of a global semaphore which causes all
processes on the system to block during exit() handling, thereby preventing any process from
exiting until the corresponding "unblock" system call is issued.
- This operation was intended for use only by ipcs(1) to atomically sample the state of System V
IPC resources on the system (i.e., to ensure that resources are not allocated or deallocated during
the process of sampling itself).
- An unprivileged local user can cause every process on the system to hang during exiting. In other
words, after the system call is issued, no process on the system will be able to exit completely until
another user issues the "unblock" call or the system is rebooted. This is a denial-of-service attack.
SAFER
- Upgrade to FreeBSD 2.1.7.1-STABLE, 2.2.8-STABLE, 3.4-STABLE, 4.0-STABLE or 5.0-CURRENT after the correction date.