From owner-freebsd-security Thu Aug 26 9:57:39 1999
Delivered-To: freebsd-security@freebsd.org
Received: from gatekeeper.veriohosting.com (gatekeeper.veriohosting.com [192.41.0.2]) by hub.freebsd.org (Postfix) with ESMTP id C732615CA3; Thu, 26 Aug 1999 09:57:36 -0700 (PDT) (envelope-from hart@iserver.com)
Received: by gatekeeper.veriohosting.com; Thu, 26 Aug 1999 10:56:29 -0600 (MDT)
Received: from unknown(192.168.1.109) by gatekeeper.veriohosting.com via smap (V3.1.1) id xma000249; Thu, 26 Aug 99 10:56:09 -0600
Received: (hart@localhost) by anchovy.orem.iserver.com (8.9.3) id KAA04634; Thu, 26 Aug 1999 10:55:19 -0600 (MDT)
Date: Thu, 26 Aug 1999 10:55:18 -0600 (MDT)
From: Paul Hart
X-Sender: hart@anchovy.orem.iserver.com
To: Gregory Sutter
Cc: security-officer@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD (and other BSDs?) local root exploit]
In-Reply-To: <19990826094910.F20512@forty-two.egroups.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 26 Aug 1999, Gregory Sutter wrote:

> This claims to describe a FreeBSD root exploit, and was just posted
> to BugTraq.

... and was posted to freebsd-security yesterday. ;-)

> bug in fts_print function allows to overwrite any file in system, when
> running /etc/security script (executed from 'daily' scripts).
>
> affected systems:
> - freebsd (all versions)
> - probably openbsd/netbsd
>
> fix:
> - limit root's coredump size
> - patch libc

Tested and works on 3.2-STABLE of last week.

Paul Hart

--
Paul Robert Hart        ><8>  ><8>  ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8>  ><8>  ><8>        http://www.iserver.com/