Date: Mon, 30 Oct 2000 17:45:08 -0800
From: Kris Kennaway
To: Dima Dorfman
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:58.chpass
Message-ID: <20001030174508.A15508@citusc17.usc.edu>
In-Reply-To: <20001030235755.CB3A21F27@static.unixfreak.org>; from dima@unixfreak.org on Mon, Oct 30, 2000 at 03:57:55PM -0800

On Mon, Oct 30, 2000 at 03:57:55PM -0800, Dima Dorfman wrote:
> [ PGP not available, raw data follows ]
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > =============================================================================
> > FreeBSD-SA-00:58                                           Security Advisory
> >                                                                 FreeBSD, Inc.
> >
> > Topic:          chpass family contains local root vulnerability
> >
> > Category:       core
> > Module:         chfn/chpass/chsh/ypchfn/ypchpass/ypchsh/passwd
>
> Forgive my ignorance, but I fail to see how 'passwd' is vulnerable.
> Yes, it does link with the affected file (pw_util.c), and calls the
> affected function (pw_error()), but, as far as I can tell, it never
> calls it with any parameters which can be controlled by the user.

Fair enough, I added this at the last minute to be sure without really
checking. Better to have someone upgrade something that isn't actually
a security risk than leave a vulnerable binary lying around.

Kris