
OpenBSD SECURITY FIX #001 - 4 August 2003



After FreeBSD, the flaw also affects OpenBSD.

Quick translation of the bug summary:

An off-by-one error exists in the realpath(3) function of the C library.
Since this same bug resulted in a root compromise in the wu-ftpd FTP
server,
it is possible that this bug could allow an attacker to gain
privileges on OpenBSD.
A source patch exists to fix the problem.

See http://www.openbsd.org/errata.html

A short list of OpenBSD binaries to recompile; there will surely be more
later ...
http://www.schubert.cx/openbsd/realpath_list

To be safe, a good rebuild of /bin/* and /sbin/* does no harm.

Below is Todd Miller's mail with the explanations in English.

Philemon Daubard
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
kodezone interactive
w: www.kodezone.com
e: daubard AT kodezone POINT com

----- Original Message ----- 
From: "Todd C. Miller" <Todd POINT Miller AT courtesan.com>
To: <security-announce AT openbsd POINT org>
Sent: Monday, August 04, 2003 7:03 PM
Subject: off-by-one error in realpath(3)


> [ this version has some typos fixed ]
>
> An off-by-one error exists in the C library function realpath(3).
> This is the same bug that was recently found in the wu-ftpd ftpd
> server by Janusz Niewiadomski and Janusz Niewiadomski.
>
> The OpenBSD ftp daemon does not use realpath(3) in a way that could
> be exploited, however a number of other system binaries also use
> the function.  It is not currently known whether or not this bug
> results in an exploitable security hole on OpenBSD.  Since the bug
> led to an exploitable hole in wu-ftpd, it is entirely possible that
> some program using realpath(3) under OpenBSD may be vulnerable to
> attack.  For OpenBSD 3.3 and higher, the ProPolice stack protector
> should provide some protection from this bug, but this cannot be
> guaranteed.
>
> This bug has been fixed in OpenBSD-current as well as the 3.2 and
> 3.3 stable branches.  Patches are available for OpenBSD 3.2 and 3.3.
>
> Patch for OpenBSD 3.2:
> ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.2/common/015_realpath.patch
>
> Patch for OpenBSD 3.3:
> ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch
>
> For versions of OpenBSD prior to 3.2, users may simply fetch
> the current revision of realpath.c from:
>     ftp://ftp.OpenBSD.org/pub/OpenBSD/src/lib/libc/stdlib/realpath.c
> then rebuild and install libc with the new realpath.c.
>
> For more details, see the description of the wu-ftpd fp_realpath bug:
>     http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
>
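
An added illustration, not part of the original mail and not OpenBSD's realpath.c: the kind of off-by-one the advisory names, shown as a length check on a path join that counts the terminating NUL but forgets the "/" separator, next to a corrected check. The buffer size PATH_BUF and all function names are hypothetical; the page does not show the faulty lines themselves.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 16   /* hypothetical small buffer standing in for MAXPATHLEN */

/* Bytes really needed for dir + "/" + name + NUL (no extra "/" when dir is "/"). */
static size_t bytes_needed(const char *dir, const char *name)
{
    size_t sep = (strcmp(dir, "/") == 0) ? 0 : 1;
    return strlen(dir) + sep + strlen(name) + 1;
}

/* Flawed check: accounts for the NUL but not for the separator. */
static int fits_flawed(const char *dir, const char *name)
{
    return strlen(dir) + strlen(name) + 1 <= PATH_BUF;
}

/* Corrected check: compares the true byte count against the buffer size. */
static int fits_fixed(const char *dir, const char *name)
{
    return bytes_needed(dir, name) <= PATH_BUF;
}

/* Bytes that would land past the buffer if the flawed check were trusted. */
static size_t overrun_if_flawed(const char *dir, const char *name)
{
    size_t need = bytes_needed(dir, name);
    return (fits_flawed(dir, name) && need > PATH_BUF) ? need - PATH_BUF : 0;
}

/* Join guarded by the corrected check; returns 0 on success, -1 if too long. */
static int join_path(char out[PATH_BUF], const char *dir, const char *name)
{
    size_t n = strlen(dir);
    if (!fits_fixed(dir, name)) return -1;
    memcpy(out, dir, n);
    if (strcmp(dir, "/") != 0) out[n++] = '/';
    memcpy(out + n, name, strlen(name) + 1);
    return 0;
}

int main(void)
{
    char buf[PATH_BUF];
    /* Constructed boundary input: 8 + 1 + 7 + 1 = 17 bytes into a 16-byte buffer. */
    printf("flawed accepts: %d, overrun: %zu byte(s)\n",
           fits_flawed("/usr/lib", "abcdefg"), overrun_if_flawed("/usr/lib", "abcdefg"));
    printf("fixed join returns: %d\n", join_path(buf, "/usr/lib", "abcdefg"));
    return 0;
}
```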