OSVDB ID: 11189

Title: FreeBSD bmon Port Relative Path Subversion Privilege Escalation

Dates

Disclosure: May 29, 2004
Discovery: Unknown
Exploit: Oct 16, 2004
Solution: Unknown

Description

bmon, a bandwidth monitor, contains a flaw on FreeBSD that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the FreeBSD ports system installs bmon with setuid superuser privileges.

Classification

Location: Local Access Required
Attack Type: Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Upgrade to version 1.2.1_2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Thomas Graf bmon 1.2.1

References

Credit

  • Jon Nistor - nistorsnickers.org


Direct URL: http://osvdb.org/11189