Date: Tue, 10 Sep 1996 13:39:17 -0500 (CDT) From: Karl <karl@Codebase.mcs.net> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/1596: Security problem with routed - patch to fix Message-ID: <199609101839.NAA17069@Codebase.mcs.net> Resent-Message-ID: <199609101840.LAA05040@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 1596 >Category: bin >Synopsis: routed allows writing to any system file >Confidential: Yes >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Sep 10 11:40:00 PDT 1996 >Last-Modified: >Originator: Karl >Organization: MCSNet >Release: FreeBSD 2.2-CURRENT i386 >Environment: Any user operating routed >Description: Any user anywhere on the Internet can potentially write to any file on the system as root through the use of the RIP TRACE facility >How-To-Repeat: Send UDP packet containing RIP TRACE request with the requested filename. >Fix: The following diff removes the RIP TRACE facility unless the define "INSECURE" is present at the time of the build. There is no known way to safely permit this trace activity to take place. MCSNet was not the originator of discovery for this problem. Index: input.c =================================================================== RCS file: /usr/cvs/src/usr.sbin/routed/input.c,v retrieving revision 1.4 diff -r1.4 input.c 288a289 > #ifdef INSECURE 310c311 < --- > #endif -- Karl Denninger karl@mcs.net >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199609101839.NAA17069>