From owner-freebsd-announce  Tue Mar 12  6:31: 2 2002
Delivered-To: freebsd-announce@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id C649037B423; Tue, 12 Mar 2002 06:28:09 -0800 (PST)
Received: (from nectar@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g2CES9q64473;
	Tue, 12 Mar 2002 06:28:09 -0800 (PST)
	(envelope-from security-advisories@freebsd.org)
Date: Tue, 12 Mar 2002 06:28:09 -0800 (PST)
Message-Id: <200203121428.g2CES9q64473@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories <security-advisories@freebsd.org>
To: FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: FreeBSD Ports Security Advisory FreeBSD-SA-02:17.mod_frontpage
Reply-To: security-advisories@freebsd.org
Sender: owner-freebsd-announce@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-announce.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-announce>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-announce>
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-02:17                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          mod_frontpage port contains exploitable buffer overflow

Category:       ports
Module:         mod_frontpage
Announced:      2002-03-12
Credits:        Martin Blapp <mbr@freebsd.org>
Affects:        mod_frontpage port prior to version mod_portname-1.6.1
Corrected:      2002-02-05 16:18:42 2002 UTC
FreeBSD only:   NO

I.   Background

mod_frontpage is a replacecement for Microsoft's frontpage apache
patch to support FP extensions. It is installed as a DSO module.

II.  Problem Description

Affected versions of the mod_frontpage port contains several
exploitable buffer overflows in the fpexec wrapper, which is installed
setuid root.

The mod_frontpage port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 6000 third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.5 contains this
security problem since it was discovered after the release.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

III. Impact

A local attacker may obtain superuser privileges by exploiting the
buffer overflow bugs in fpexec.

IV.  Workaround

1) Deinstall the mod_frontpage ports/packages if you have them installed.

V.   Solution

Do one of the following:

1) Upgrade your entire ports collection and rebuild the port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from the following directories:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.

NOTE: It may be several days before updated packages are available.

3) Download a new port skeleton for the mod_frontpage port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz

VI.  Correction details

The following list contains the $FreeBSD$ revision numbers of each
file that was corrected in the FreeBSD source.

Path                                                             Revision
- -------------------------------------------------------------------------
ports/www/mod_frontpage/Makefile                                      1.7
ports/www/mod_frontpage/distinfo                                      1.4
ports/www/mod_frontpage/files/patch-Makefile.PL                       1.3
ports/www/mod_frontpage/files/patch-Makefile.in                       1.1
ports/www/mod_frontpage/files/patch-mod_frontpage.c                   1.4
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBPI4O11UuHi5z0oilAQF43wQAlp8eUBSGRLb1ggNxDVwzvB40ZEOWrIB0
6P3xIvUW6bFXsHgrBm+WuF7evUm8K85hs1QPp4nDUSdgWArxP9izdSXMKsJ0rtkA
RAeDMgpMOsDoQaKl9ljDVFbf9xs3hTO6S3UsRaRuQeTvcqhsKRZNbUvOVrAULEOG
GZ6n2CFh+Rk=
=sCnv
-----END PGP SIGNATURE-----

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities,
important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-announce" in the body of the message