|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
Multiple BSD OSs contain a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to pppd changing the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device, resulting in a loss of integrity.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Race Condition
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to FreeBSD version 4.6-STABLE; or to the RELENG_4_6, RELENG_4_5, or RELENG_4_4 security branch dated after the correction date (4.6.1-RELEASE-p2, 4.5-RELEASE-p11, or 4.4-RELEASE-p18) or higher, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch for some older versions.
Upgrade to OpenBSD version 3.1 dated after the correction date or higher, as it has been reported to fix this vulnerability. In addition, OpenBSD has released a patch for some older versions.
Upgrade to NetBSD version 1.6 dated after the correction date or higher, as it has been reported to fix this vulnerability.
It is also possible to correct the flaw by implementing the following workaround: remove the setuid bit from pppd. However, this will likely affect required functionality.
|
|
Products |
|
FreeBSD
 |
4.0 |
4.6 |
4.1x |
4.2x |
4.3x |
4.4x |
4.5x |
4.6.1-RELEASE-p1 |
|
NetBSD
|
1.4 |
1.5 |
1.5.x |
1.4.x |
1.6 beta |
|
OpenBSD
|
3.0 |
3.1 |
|
|
|
|
Credit |
- Jun-ichiro itojun Hagino - itojun
 openbsd.org -
- Sebastian Krahmer - krahmersuse.de - SuSE
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
