Re: Remote Root Hole in FreeBSD Ports
From: Horms (horms@vergenet.net)
Date: 12/27/01
- In reply to: bugtraq: "Remote Root Hole in FreeBSD Ports"
Date: Thu, 27 Dec 2001 13:41:46 +1100
From: Horms <horms@vergenet.net>
To: bugtraq <bugtraq@bugtraq.org>

This notice is in reference to a reported root hole in the FreeBSD port of
perdition and more specifically the library vanessa_logger that it
requires.

http://www.securityfocus.org/archive/1/247148

First I would like to express great dismay that this was published on a
public list (BugTraq) without prior consultation with the author (myself)
or, to my knowledge, the maintainer of the FreeBSD port, Konstantinos
Konstantinidis.

There is a string format bug in vanessa_logger 0.0.1, which is what the post
to BugTraq makes reference to. FreeBSD was, at the time of the posting,
shipping this vulnerable version.

vanessa_logger 0.0.2, released on the 29th of June 2001, is not vulnerable
to this exploit. FreeBSD have released a patched version of vanessa_logger
0.0.1 which is also not vulnerable. Users should upgrade to either of
these.

vanessa_logger 0.0.2 is available from
ftp://ftp.vergenet.net/pub/vanessa/vanessa_logger/0.0.2

At this time I would also like to highlight the importance of running
perdition as a non-root user. The --username and --group options enable
perdition to run as non-root for most of a process's life. If these options
are used then the potential risk from any exploits stemming from the string
format bug in vanessa_logger is significantly reduced.

For more information on perdition please see
http://vergenet.net/linux/perdition/

--
Horms
Author of perdition and vanessa_logger
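
The string format bug class named in the message above, as an added example that is not part of the original post and is not vanessa_logger's code: a hypothetical logging wrapper (`log_fmt`, `log_client_unsafe` and `log_client_safe` are assumed names) called once with client data as the format string and once with a constant format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical syslog-style logger, NOT vanessa_logger's real API.
 * Declaring it with __attribute__((format(printf, 3, 4))) and building
 * with -Wformat -Wformat-security makes GCC/Clang flag the unsafe call
 * below; the attribute is left off so both variants compile quietly. */
static int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* UNSAFE: client data is used as the format string, so any conversion
 * in it is interpreted. Only ever called here with "%%", which consumes
 * no arguments and is therefore well defined. */
int log_client_unsafe(char *out, size_t n, const char *client_data)
{
    return log_fmt(out, n, client_data);
}

/* SAFE: constant format; client data is passed purely as a %s argument. */
int log_client_safe(char *out, size_t n, const char *client_data)
{
    return log_fmt(out, n, "%s", client_data);
}

int main(void)
{
    char a[64], b[64];
    const char *sample = "USER 100%% sure"; /* constructed sample input */
    log_client_unsafe(a, sizeof a, sample);
    log_client_safe(b, sizeof b, sample);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The unsafe variant logs text that differs from what the client sent, which shows the input is being parsed as a format; the safe variant logs it byte for byte.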