[FUGSPBR] Fw: FreeBSD Security Advisory FreeBSD-SA-02:01.pkg_add

Vitor de M. Carvalho vitor em softinfo.com.br
Sex Jan 4 23:32:55 BRST 2002 


 Atenciosamente,
 Vitor de M. Carvalho
 System Network Administrator - Softinfo Network
 FreeBSD - The Power To Serve
 ICQ - 41747397


----- Original Message -----
From: "FreeBSD Security Advisories" <security-advisories em FreeBSD.ORG>
To: "FreeBSD Security Advisories" <security-advisories em FreeBSD.ORG>
Sent: Friday, January 04, 2002 11:04 PM
Subject: FreeBSD Security Advisory FreeBSD-SA-02:01.pkg_add


> -----BEGIN PGP SIGNED MESSAGE-----
>
>
============================================================================
=
> FreeBSD-SA-02:01                                            Security
Advisory
>                                                                 FreeBSD,
Inc.
>
> Topic:          Directory permission vulnerability in pkg_add
>
> Category:       core
> Module:         pkg_install
> Announced:      2002-01-04
> Credits:        The Anarcat <anarcat em anarcat.dyndns.org>
> Affects:        All versions of FreeBSD prior to the correction date.
> Corrected:      2001/11/22 17:40:36 UTC (4.4-STABLE aka RELENG_4)
>                 2001/12/07 20:58:46 UTC (4.4-RELEASEp1 aka RELENG_4_4)
>                 2001/12/07 20:57:19 UTC (4.3-RELEASEp21 aka RELENG_4_3)
> FreeBSD only:   NO
>
> I.   Background
>
> pkg_add is a utility program used to install software package
> distributions on FreeBSD systems.
>
> II.  Problem Description
>
> pkg_add extracts the contents of the package to a temporary directory,
> then moves files from the temporary directory to their ultimate
> destination on the system.  The temporary directory used in the
> extraction was created with world-writable permissions, allowing
> arbitrary users to examine the contents of the package as it was
> being extracted.  This might allow users to attack world-writable
> parts of the package during installation.
>
> III. Impact
>
> A local attacker may be able to modify the package contents and
> potentially elevate privileges or otherwise compromise the system.
> There are no known exploits as of the date of this advisory.
>
> IV.  Workaround
>
> 1) Remove or discontinue use of the pkg_add binary until it has
> been upgraded.
>
> 2) When running pkg_add, create a secure temporary directory (such
> as /var/tmp/inst) and secure the directory permissions (chmod 700
> /var/tmp/inst).  Set the TMPDIR environment variable to this
> directory before running pkg_add.
>
> V.   Solution
>
> 1) Upgrade your vulnerable FreeBSD system to 4.4-STABLE, or the
> RELENG_4_4 or RELENG_4_3 security branches dated after the respective
> correction dates.
>
> 2) FreeBSD 4.x systems prior to the correction date:
>
> The following patch has been verified to apply to FreeBSD 4.3-RELEASE,
> 4.4-RELEASE, and 4-STABLE dated prior to the correction date.  This
> patch may or may not apply to older, unsupported releases of FreeBSD.
>
> Download the patch and the detached PGP signature from the following
> locations, and verify the signature using your PGP utility.
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/pkg_add.patch
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/pkg_add.patch.asc
>
> Execute the following commands as root:
>
> # cd /usr/src
> # patch -p < /path/to/patch
> # cd /usr/src/usr.sbin/pkg_install
> # make depend && make all install
>
> VI.  Correction details
>
> The following list contains the $FreeBSD$ revision numbers of each
> file that was corrected in the FreeBSD source
>
> Path                                                             Revision
>   Branch
> - ------------------------------------------------------------------------
-
> src/usr.sbin/pkg_install/lib/pen.c
>   HEAD                                                               1.37
>   RELENG_4                                                       1.31.2.6
>   RELENG_4_4                                                 1.31.2.2.2.1
>   RELENG_4_3                                                 1.31.2.1.2.1
> - ------------------------------------------------------------------------
-
>
> VII. References
>
> <URL:http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32172>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (FreeBSD)
> Comment: For info see http://www.gnupg.org
>
> iQCVAwUBPDZOBlUuHi5z0oilAQEPwwP/ZKTT+30/iNKFVEpxjIr1IgW/YkMI3ViG
> G3C12reQQ/QcfGhdxjJesMqeHDhEf2onmZ7ftYRu2Wpg7BC5KAH5rbQ5vDgdVEI0
> ym5zPNOR9BgXVuZ9WZ1M6SizHZwngfn/JHjMltd1xcdCwJ93iVq+/NQg1bB5u7op
> MPFLhNSwNks=
> =cT/W
> -----END PGP SIGNATURE-----
>
> This is the moderated mailing list freebsd-announce.
> The list contains announcements of new FreeBSD capabilities,
> important events and project milestones.
> See also the FreeBSD Web pages at http://www.freebsd.org
>
>
> To Unsubscribe: send mail to majordomo em FreeBSD.org
> with "unsubscribe freebsd-announce" in the body of the message
>

----
Para sair da lista envie um e-mail para majordomo em fugspbr.org
com as palavras "unsubscribe fugspbr" no corpo da mensagem.

Mais detalhes sobre a lista de discussão freebsd