From owner-freebsd-security Fri Aug 27 7:18:37 1999 Delivered-To: freebsd-security@freebsd.org Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (Postfix) with ESMTP id B845614D99 for ; Fri, 27 Aug 1999 07:18:34 -0700 (PDT) (envelope-from eivind@bitbox.follo.net) Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id QAA07960; Fri, 27 Aug 1999 16:18:15 +0200 (CEST) Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id QAA38401; Fri, 27 Aug 1999 16:18:14 +0200 (MET DST) Date: Fri, 27 Aug 1999 16:18:14 +0200 From: Eivind Eklund To: "Sean O'Connell" Cc: FreeBSD security Subject: Re: Chflags vulnerability in FreeBSD? Message-ID: <19990827161814.X79110@bitbox.follo.net> References: <19990827100807.P28256@stat.Duke.EDU> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.1i In-Reply-To: <19990827100807.P28256@stat.Duke.EDU>; from Sean O'Connell on Fri, Aug 27, 1999 at 10:08:07AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Aug 27, 1999 at 10:08:07AM -0400, Sean O'Connell wrote: > Hi All- > > I received the following from SANS (www.sans.org) and it initimated > that there is a vulnerability in FreeBSD that had previously been > thought to only exist in BSDi: > SANS Digest EXTRA -- Vol. 3 Num. 8a > > 4) In item 10, BSDI A of the Augusts SANS Security Digest, we reported > the chflags problem as a BSDI-specific problem, when in fact other > versions of BSD kernel are effected as well as some programs (e.g., > ssh) based on the same routine. Vendor specific information can be > found at: > http://www.BSDI.COM/support/patches/patches-4.0.1/M401-014.info > http://www.BSDI.COM/support/patches/patches-3.1/M310-056.info > http://www.ssh.fi/sshprotocols2/ > http://www.openbsd.org/errata.html#chflags > Also, according to a Bugtraq posting by Adam Morrison on 08/01/1999, > NetBSD has corrected the problem and FreeBSD appears to be vulnerable. > The SANS Digest editors were unable to locate an FreeBSD specific > information regarding this problem. > > Has this been addressed or fixed? If it exists, it should probably > be fixed before 3.3 gets out the door. It has been fixed, and had been fixed the day the posting was approved for bugtraq (of course, the bugtraq editors then spent 4-5 days before approving the postings pointing this out). SANS has not done any serious attempt to get information - there has, for instance, not come any mail from them to security-officer@FreeBSD.org. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message