[12828] in bugtraq
Re: Several FreeBSD-3.3 vulnerabilities
daemon@ATHENA.MIT.EDU (Kris Kennaway)
Thu Dec 2 16:02:22 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.21.9912011105530.68960-100000@hub.freebsd.org>
Date: Wed, 1 Dec 1999 11:20:05 -0800
Reply-To: Kris Kennaway <kris@HUB.FREEBSD.ORG>
From: Kris Kennaway <kris@HUB.FREEBSD.ORG>
X-To: Brock Tellier <btellier@USA.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19991130230829.5307.qmail@nw173.netaddress.usa.net>
On Tue, 30 Nov 1999, Brock Tellier wrote:
> All of the vulnerabilities discussed herein are based on my work on
> FreeBSD 3.3-RELEASE. Each of the programs was installed with the
> default permissions given when unpacked with sysinstall.
> These permissions are:
> -rwxr-sr-x 1 bin dialer 88480 Sep 11 00:55 /usr/X11R6/bin/seyon
This one was fixed a month ago after your last advisory. Obviously, if
you're still using the same version of the OS you used in your initial
advisory, it's not going to be fixed :-)
> -rwsr-xr-x 1 uucp bin 7780 Sep 11 05:15 /usr/X11R6/bin/xmindpath
This one is a hole in the vendor-provided software, which wants to install
it setuid uucp by default. With ~2800 third-party apps shipped with
FreeBSD, we can't be held responsible for the security of all of them :-)
> -r-xr-sr-x 1 bin games 481794 Sep 11 01:10 /usr/X11R6/bin/angband
This one is our fault (in the sense that installing it setgid games so it
can write a high score file is not something the software does by
default).
Your advisory wasn't clear whether or not you contacted the port
maintainers directly about these, and they were just slow off the mark, or
if it was just security-officer@freebsd.org. Assuming the former, one way
of expediting the process would be to send mail to the (new)
audit@freebsd.org mailing list which has several people who will be quite
happy to do some butt-kicking to get a response :-)
Kris
