Date: Wed, 27 Aug 1997 08:37:13 -0500 (CDT) From: Guy Helmer <ghelmer@cs.iastate.edu> To: Doug White <dwhite@resnet.uoregon.edu> Cc: Ricardo Mart{inez Zapata <qrovtas2@acnet.net>, freebsd-questions@FreeBSD.ORG Subject: Re: Hi! Message-ID: <Pine.HPP.3.96.970827080834.22204B-100000@popeye.cs.iastate.edu> In-Reply-To: <Pine.BSF.3.96.970826194713.4255G-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 26 Aug 1997, Doug White wrote: > On Tue, 26 Aug 1997, Ricardo Mart{inez Zapata wrote: > > > Can you helpme? im trying to know about the security bugs in > > FreeBSD 2.2.2. > > Hopefully, there isn't any. I don't think there is any major root > accesses in the system, AFAIK. > > There are the usual suspects through, primarily the r* utilities and the > echo, chargen, and discard programs in /etc/inetd.conf, old versions of > Sendmail, et. al. /usr/bin/suidperl on 2.2.2 and prior versions (and, if you have perl 5.003 or prior versions installed, /usr/local/bin/suidperl) contain well-known buffer overflows. It is a good thing to turn off the setuid bit on those two files; ref CERT advisory 97.17 (ftp://info.cert.org/pub/cert_advisories/CA-97.17.sperl). Fixes for these are in 2.2-stable for /usr/bin/suidperl and the perl-5.004 package contains the fix for /usr/local/bin/suidperl. (I still don't trust having a suidperl around, though :-) A compromise is possible via procfs, so a kernel should be rebuilt with patches applied or /proc should not be mounted (but that may break ps, w, and maybe other commands); ref FreeBSD security advisory 97:04 (ftp://freebsd.org/pub/CERT/advisories/FreeBSD-SA-97%3A04.procfs.asc). Fixes for this are in 2.2-stable as well. echo and chargen denial-of-service issues have been fixed since 2.1, I believe. sendmail 8.8.5 is in FreeBSD 2.2.2, and AFAIK doesn't have any major security problems on a typical FreeBSD installation. There have been a lot of merges of patches for buffer overflows from OpenBSD for various setuid programs and privileged daemons, and I believe someone recently committed additional buffer overflow patches for /usr/bin/suidperl as well. I'm fairly certain that these have been merged into the 2.2-stable tree, so a current 2.2-releng installation or a build from a cvsup'ed 2.2-stable source tree would be a good way to make sure one's 2.2 system is completely up-to-date on security patches. Hope this helps, Guy Helmer Guy Helmer, Computer Science Graduate Student - ghelmer@cs.iastate.edu Iowa State University http://www.cs.iastate.edu/~ghelmer Research Assistant, Scalable Computing Laboratory, Ames Laboratory
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.HPP.3.96.970827080834.22204B-100000>