From: Nicolas Rachinsky
Date: Thu, 11 Apr 2002 22:45:17 +0200
To: security@FreeBSD.ORG
Subject: Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems
Message-ID: <20020411204516.GA51239@pc5.abc>
In-Reply-To: <4.3.2.7.2.20020411141011.030a0b80@nospam.lariat.org>

* Brett Glass [2002-04-11 14:12:01 -0600]:
> [This is a corrected version of the previous message, which omitted
> the word "isn't" near the beginning of the second paragraph.]
>
> The vulnerability described in the message below is a classic
> "in-band signalling" problem that may give an unauthorized user
> the ability to run an arbitrary command as root.
>
> Fortunately, the vulnerability isn't present in FreeBSD's daily, weekly,
> and monthly maintenance scripts, because they use sendmail rather
> than /bin/mail. Nonetheless, the same patch should be applied to
> FreeBSD's /bin/mail due to the possibility that other privileged
> utilities (or user-written scripts) might use /bin/mail instead of
> sendmail to create e-mail messages.

man mail says:

     -I    Forces mail to run in interactive mode even when input is not a
           terminal.  In particular, the `~' special character when sending
           mail is only active in interactive mode.
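Added example, not part of the thread and not FreeBSD code: two checks for scripts that pipe text into mail(1), based on the man page text quoted above. One lists script lines that run mail with -I, the other prefixes body lines that start with `~` with a space. The script names and sample lines are constructed, and the prefixing assumes mail(1) only treats `~` as special at the start of a line.

```shell
#!/bin/sh
# Added example, not code from the thread.

# Prefix every line that starts with "~" with one space, so that mail(1)
# running in interactive mode (-I) cannot read it as a tilde escape.
neutralize_tilde() {
    sed 's/^~/ ~/'
}

# Print "file:line:text" for each non-comment line under directory $1 that
# runs mail or /bin/mail with -I (alone or bundled, e.g. -Is).
audit_mail_calls() {
    grep -rnE '(^|[[:space:];|&/])mail[[:space:]]+([^|;&]*[[:space:]])?-[A-Za-z]*I' "$1" 2>/dev/null |
        grep -vE '^[^:]*:[0-9]+:[[:space:]]*#' || true
}

# Constructed sample scripts (hypothetical names) for the audit to scan.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' \
        'report | /bin/mail -I -s "nightly report" root' > "$d/nightly.sh"
    printf '%s\n' '#!/bin/sh' '# old form: mail -I root' \
        'report | mail -s "weekly report" root' > "$d/weekly.sh"
    printf '%s\n' '#!/bin/sh' \
        'report | /usr/sbin/sendmail -t' > "$d/daily.sh"
    echo "$d"
}

samples=$(make_samples)
audit_mail_calls "$samples"          # flags only line 2 of nightly.sh
# Constructed untrusted body: the second line starts with "~".
printf 'disk usage ok\n~/backup: permission denied\n' | neutralize_tilde
rm -rf "$samples"
```

The audit is a text match, so a subject string that itself contains " -I" would also be listed and needs a manual look.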