From owner-freebsd-announce Sun Apr 16 17:59:26 2000
Delivered-To: freebsd-announce@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 608)
        id 9AD5437B719; Sun, 16 Apr 2000 17:59:22 -0700 (PDT)
From: "Jonathan M. Bresler"
To: freebsd-announce@FreeBSD.ORG
Subject: New mailing lists: freebsd-i18n and freebsd-ppc
Message-Id: <20000417005922.9AD5437B719@hub.freebsd.org>
Date: Sun, 16 Apr 2000 17:59:22 -0700 (PDT)
Sender: owner-freebsd-announce@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Two new mailing lists are available: FreeBSD-i18n and FreeBSD-PPC.

FREEBSD-I18N    FreeBSD Internationalization

This is a forum for technical discussions related to FreeBSD
Internationalization.

FREEBSD-PPC     Porting FreeBSD to the PowerPC

This is the technical mailing list. It is for individuals actively
working on porting FreeBSD to the PowerPC, to bring up problems or
discuss alternative solutions. Individuals interested in following the
technical discussion are also welcome.

The standard shortcuts (i18n and ppc) are available for sending email
to the lists. One must subscribe and unsubscribe using the full name
of the list (freebsd-i18n and freebsd-ppc).

to subscribe to a FreeBSD mailing list, send mail to
majordomo@FreeBSD.org containing the single line "subscribe ".
replace by the name of the list you want to subscribe to.

for example:

        echo "subscribe freebsd-hackers" | mail majordomo@FreeBSD.org

to unsubscribe use:

        echo "unsubscribe freebsd-hackers" | mail majordomo@FreeBSD.org

you will be asked, via email, to confirm your subscription request
via email. after confirming your subscription request, you will
receive notification, via email, that your subscription has been
accepted.

jmb

--
Jonathan M. Bresler          FreeBSD Core Team, Postmaster   jmb@FreeBSD.ORG
FreeBSD--The Power to Serve  JMB193                  http://www.freebsd.org/
PGP 2.6.2 Fingerprint: 31 57 41 56 06 C1 40 13 C5 1C E3 E5 DC 62 0E FB

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities,
important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-announce" in the body of the message

From owner-freebsd-announce Wed Apr 19 14:26:51 2000
Delivered-To: freebsd-announce@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
        id D585837BD34; Wed, 19 Apr 2000 14:26:38 -0700 (PDT)
From: FreeBSD Security Officer
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:13.generic-nqs
Reply-To: security-officer@freebsd.org
Message-Id: <20000419212638.D585837BD34@hub.freebsd.org>
Date: Wed, 19 Apr 2000 14:26:38 -0700 (PDT)
Sender: owner-freebsd-announce@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:13                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          generic-nqs contains a local root compromise

Category:       ports
Module:         generic-nqs
Announced:      2000-04-19
Credits:        Philippe Andersson via BugTraq
Affects:        Ports collection before the correction date.
Corrected:      2000-04-16
Vendor status:  Updated version released.
FreeBSD only:   NO

I.   Background

Generic-NQS is a Network Queuing System for batch-processing jobs across
multiple machines.

II.  Problem Description

Generic-NQS versions 3.50.7 and earlier contain a security vulnerability
which allows a local user to easily obtain root privileges. Unfortunately,
further details of the location and nature of the vulnerability were not
provided by the original poster, upon request of the Generic-NQS
developers.

The generic-nqs port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 3200 third-party applications in a ready-to-install format.
The ports collection shipped with FreeBSD 4.0 contains this problem since
it was discovered after the release.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

A local user can obtain root privileges by exploiting a vulnerability in
the generic-nqs package.

If you have not chosen to install the generic-nqs port/package, then your
system is not vulnerable to this problem.

IV.  Workaround

Remove the generic-nqs port, if you have installed it.

V.   Solution

1) Upgrade your entire ports collection and rebuild the generic-nqs port.

2) Reinstall a new package dated after the correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/generic-nqs-3.50.9.tgz

Note that it may be a few days before the updated package is available.

3) Download a new port skeleton for the generic-nqs port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOP4kUVUuHi5z0oilAQGmYAQAntm5ianpGoWd2dr2Nf294InKoxRK5tt+
61yGHUdZiFIWNUcEEow158vCnmAid1XyBRrYdeZLCs0EU0gaHRL21a1RpKab31T1
oc8pPK5mCyygwrXCf/u4aZES/HQyVbpryEqnvrggSzjlXExhsl6i+4YEBYHUO2Mi
s8xowH91Sy4=
=eXhd
-----END PGP SIGNATURE-----