os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/advisories/FreeBSD-SA-00:13.generic-nqs.asc
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

90 lines
3.1 KiB
Text
Raw Blame History

-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-00:13 Security Advisory
FreeBSD, Inc.
Topic: generic-nqs contains a local root compromise
Category: ports
Module: generic-nqs
Announced: 2000-04-19
Credits: Philippe Andersson <philippe_andersson@STE.SCITEX.COM>
via BugTraq
Affects: Ports collection before the correction date.
Corrected: 2000-04-16
Vendor status: Updated version released.
FreeBSD only: NO
I. Background
Generic-NQS is a Network Queuing System for batch-processing jobs across
multiple machines.
II. Problem Description
Generic-NQS versions 3.50.7 and earlier contain a security vulnerability
which allow a local user to easily obtain root privileges. Unfortunately,
further details of the location and nature of the vulnerability were not
provided by the original poster, upon request of the Generic-NQS
developers.
The generic-nqs port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 3200 third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.0 contains this
problem since it was discovered after the release.
FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.
III. Impact
A local user can obtain root privileges by exploiting a vulnerability
in the generic-nqs package.
If you have not chosen to install the generic-nqs port/package, then your
system is not vulnerable to this problem.
IV. Workaround
Remove the generic-nqs port, if you you have installed it.
V. Solution
1) Upgrade your entire ports collection and rebuild the generic-nqs port.
2) Reinstall a new package dated after the correction date, obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/generic-nqs-3.50.9.tgz
Note that it may be a few days before the updated package is available.
3) download a new port skeleton for the generic-nqs port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBOP4kUVUuHi5z0oilAQGmYAQAntm5ianpGoWd2dr2Nf294InKoxRK5tt+
61yGHUdZiFIWNUcEEow158vCnmAid1XyBRrYdeZLCs0EU0gaHRL21a1RpKab31T1
oc8pPK5mCyygwrXCf/u4aZES/HQyVbpryEqnvrggSzjlXExhsl6i+4YEBYHUO2Mi
s8xowH91Sy4=
=eXhd
-----END PGP SIGNATURE-----
Reference in a new issue View git blame Copy permalink