Re: local exploit

From: Matt Dillon (dillon@earth.backplane.com)
Date: 04/09/01


Date: Mon, 9 Apr 2001 10:07:11 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
To: Q Yai QQ <riki@unila.ac.id>


:hai guys.,.
:
:i wanna ask about Security of FreeBSD 3.4 and 4.x
:
:on FreeBSD-3.4 there are local exploit that hack chpass
:
:i am ever hacked by my user with local-exploit that can setuid root.,.
:
:then i try to chmod o-x chpass
:
:IT WORK !!!
:others cannot exploit on my machines again
:
:but i never find local exploit for FreeBSD-4.1 version
:
:are there big different that 4.1 more secure for exploit ??
:thank's
:...

    I think the original question got lost here. Was there a security
    hole in chpass?

    The answer is: Yes, there was! A quick Google search locates a copy
    of the advisory. On www.google.com I searched for:

        'chpass advisory freebsd'

    and came up with:

        http://cert.uni-stuttgart.de/archive/bugtraq/2000/10/msg00448.html

    There was a root exploit found in July 2000 which was fixed
    in FreeBSD-4.0 in July 2000 and fixed in FreeBSD-3.5.1 in October 2000.
    So the answer is that by the time of FreeBSD-4.1, this bug was
    long since fixed.

    My suggestion would be to upgrade the boxes to RELENG_4 (FreeBSD-4.x),
    or, if you do not want to make that big a leap, at the very least
    upgrade them to the latest RELENG_3 codebase (FreeBSD-3.5.1).

    In general, bug fixes always go into what we call the 'stable' release,
    which at the moment is RELENG_4 (FreeBSD-4.x). FreeBSD-3.x is older
    and does not always get all the bug fixes, but it usually still gets
    all the security fixes. You still have to keep your codebase up to date,
    though.

    There have been other root exploits since 3.4. Root exploits have been
    found in 'named', 'sshd', 'ntpd'. Filesystem read-any-file bugs have been
    found in crontab, and I'm probably forgetting a few. To be absolutely
    safe it is best to always track the latest -stable release, which at the
    moment is FreeBSD-4.x (4.3 is about to come out). The easiest way to
    track -stable is to learn how to use 'cvsup'.

                                            -Matt
