[FUGSPBR] Fw: FreeBSD Security Advisory FreeBSD-SA-02:02.pw

Vitor de M. Carvalho vitor em softinfo.com.br
Sex Jan 4 23:33:09 BRST 2002 


 Atenciosamente,
 Vitor de M. Carvalho
 System Network Administrator - Softinfo Network
 FreeBSD - The Power To Serve
 ICQ - 41747397


----- Original Message -----
From: "FreeBSD Security Advisories" <security-advisories em FreeBSD.ORG>
To: "FreeBSD Security Advisories" <security-advisories em FreeBSD.ORG>
Sent: Friday, January 04, 2002 11:04 PM
Subject: FreeBSD Security Advisory FreeBSD-SA-02:02.pw


> -----BEGIN PGP SIGNED MESSAGE-----
>
>
============================================================================
=
> FreeBSD-SA-02:02                                            Security
Advisory
>                                                                 FreeBSD,
Inc.
>
> Topic:          pw(8) race condition may allow disclosure of master.passwd
>
> Category:       core
> Module:         pw
> Announced:      2002-01-04
> Credits:        ryan beasley <ryanb em goddamnbastard.org>
> Affects:        All releases prior to 4.5-RELEASE,
>                 4.4-STABLE prior to the correction date
> Corrected:      2001-12-21 15:21:32 UTC (4.4-STABLE aka RELENG_4)
>                 2001-12-21 15:22:55 UTC (4.4-RELEASEp1 aka RELENG_4_4)
>                 2001-12-21 15:23:04 UTC (4.3-RELEASEp21 aka RELENG_4_3)
> FreeBSD only:   YES
>
> I.   Background
>
> The pw(8) utility is used to create, remove, modify, and display system
> users and groups.
>
> II.  Problem Description
>
> When creating, removing, or modifying system users, the pw utility
> modifies the system password file `/etc/master.passwd'.  This file
> contains the users' encrypted passwords and is normally only readable
> by root.  During the modification, a temporary copy of the file is
> created. However, this temporary file is mistakenly created with
> permissions that allow it to be read by any user.
>
> III. Impact
>
> A local attacker can read the temporary file created by pw(8) and
> use the encrypted passwords to conduct an off-line dictionary attack.
> A successful attack would result in the recovery of one or more
> passwords.  Because the temporary file is short-lived (it is removed
> almost immediately after creation), this can be difficult to exploit:
> an attacker must `race' to read the file before it is removed.
>
> IV.  Workaround
>
> 1) Do not use pw(8) to create, remove, or modify system users.
>
> V.   Solution
>
> One of the following:
>
> 1) Upgrade your vulnerable FreeBSD system to 4-STABLE (RELENG_4), the
> 4.4-RELEASE security-fix branch (RELENG_4_4), or the 4.3-RELEASE
> security-fix branch (RELENG_4_3), dated after the correction date.
>
> 2) FreeBSD 4.x systems prior to the correction date:
>
> The following patch has been verified to apply to FreeBSD 4.3-RELEASE,
> 4.4-RELEASE, and 4-STABLE dated prior to the correction date.  This
> patch may or may not apply to older, unsupported releases of FreeBSD.
>
> Download the patch and the detached PGP signature from the following
> locations, and verify the signature using your PGP utility.
>
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch.asc
>
> Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
> # cd /usr/src/usr.sbin/pw
> # make depend && make all install
>
> VI.  Correction details
>
> The following list contains the $FreeBSD$ revision numbers of each
> file that was corrected in the FreeBSD source
>
> Path                                                             Revision
>   Branch
> - ------------------------------------------------------------------------
-
> src/usr.sbin/pw/pwupd.c
>   HEAD (CURRENT)                                                     1.18
>   RELENG_4 (4-STABLE)                                            1.12.2.4
>   RELENG_4_4 (4.4-RELEASE security branch)                   1.12.2.3.4.1
>   RELENG_4_3 (4.3-RELEASE security branch)                   1.12.2.3.2.1
> - ------------------------------------------------------------------------
-
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (FreeBSD)
> Comment: For info see http://www.gnupg.org
>
> iQCVAwUBPDZOB1UuHi5z0oilAQE/FQP/UjSXBA+ntiemKMpvgQfHkvNFjT/L9VC6
> j1q7yhuM+JKIeQcAiotvEFmnRjZquJaNTvBRa4TSbr9943smZ7w8wC3lzq4aLBSv
> e4L1F/uIUx19hyeEDL8FEdE5hqiltFJVa605pNoyLtLBQx9UfYkdfZo9SqFtAIdl
> qNU0wX2XJU0=
> =g2Uh
> -----END PGP SIGNATURE-----
>
> This is the moderated mailing list freebsd-announce.
> The list contains announcements of new FreeBSD capabilities,
> important events and project milestones.
> See also the FreeBSD Web pages at http://www.freebsd.org
>
>
> To Unsubscribe: send mail to majordomo em FreeBSD.org
> with "unsubscribe freebsd-announce" in the body of the message
>

----
Para sair da lista envie um e-mail para majordomo em fugspbr.org
com as palavras "unsubscribe fugspbr" no corpo da mensagem.

Mais detalhes sobre a lista de discussão freebsd