Archive of FreeBSD Security general posting, FreeBSD Security Advisory: FreeBSD-SA-01:13.sort

30/01/01, FreeBSD Security Advisory: FreeBSD-SA-01:13.sort
From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
Subject: FreeBSD Security Advisory: FreeBSD-SA-01:13.sort
From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
Date: Mon, 29 Jan 2001 13:19:19 -0800 (PST)
Mail-from: From owner-freebsd-security-notifications@FreeBSD.ORG Tue Jan 30 04:21:21 2001
Reply-To: postmaster@FreeBSD.ORG
Sender: owner-freebsd-security-notifications@FreeBSD.ORG

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-01:13                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          sort uses insecure temporary files

Category:       core
Module:         sort
Announced:      2001-01-29
Credits:        Discovered during internal auditing
Affects:        FreeBSD 3.x (all releases), FreeBSD 4.x (all releases
                prior to 4.2), FreeBSD 3.5-STABLE prior to the
                correction date.
Corrected:      2000-11-11 (FreeBSD 4.1.1-STABLE)
                2001-01-01 (FreeBSD 3.5-STABLE)
FreeBSD only:   NO

I.   Background

sort(1) is a program to sort lines of text.  It is externally
maintained, contributed software which is included in FreeBSD by
default.

II.  Problem Description

During internal auditing, sort(1) was found to use easily predictable
temporary file names.  It does create these temporary files correctly
such that they cannot be "subverted" by a symlink attack, but the
program will abort if the temporary filename chosen is already in use.
This allows an attacker to cause the sort(1) command to abort, which
may have a cascade effect on other scripts which make use of it (such
as system management and reporting scripts).  For example, it may be
possible to use this failure mode to hide the reporting of malicious
system activity which would otherwise be detected by a management
script.

All released versions of FreeBSD prior to the correction date including
FreeBSD 3.5.1 and FreeBSD 4.1.1 are vulnerable.  The problem was
corrected prior to the release of FreeBSD 4.2.

III. Impact

Attackers can cause the operation of sort(1) to fail, possibly
disrupting aspects of system operation.

IV.  Workaround

None appropriate.

V.   Solution

One of the following:

Upgrade the vulnerable FreeBSD system to FreeBSD 3.5-STABLE,
4.2-RELEASE, or 4.2-STABLE after the correction date.

To patch your present system: download the relevant patch from the
below location, and execute the following commands as root:

[FreeBSD 4.1.1 base system]

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:13/sort-4.1.1.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:13/sort-4.1.1.patch.asc

Verify the detached PGP signature using your PGP utility.

# cd /usr/src/gnu/usr.bin/sort
# patch -p < /path/to/patch
# make depend && make all install

[FreeBSD 3.5.1 base system]

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:13/sort-3.5.1.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:13/sort-3.5.1.patch.asc

Verify the detached PGP signature using your PGP utility.

# cd /usr/src/gnu/usr.bin/sort
# patch -p < /path/to/patch
# make depend && make all install

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBOnXd6VUuHi5z0oilAQF0XAP/d2M9nevTRLhEqTzutYfj2Whxxm1P8HgW
1hRPi3n3r9I7m9cBCjree6N33CRJoa0pdKovL5OgC04AWdRSKhfVHsLJYQz41Vi2
tfqfZCTdhCWmwx9TGeVek9Pk3OrUIwhfzg+YBqX+ioQYaenB+25FHK1cigmXdeWp
UZWDyGlrmyM=
=vOx+
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security-notifications" in the body of the message



Previous message sorted by date: FreeBSD Security Advisory: FreeBSD-SA-01:11.inetd [REVISED]
Next message sorted by date: FreeBSD Ports Security Advisory: FreeBSD-SA-01:07.xfree86
Previous message sorted by thread: FreeBSD Security Advisory: FreeBSD-SA-01:11.inetd [REVISED]
Next message by thread: FreeBSD Ports Security Advisory: FreeBSD-SA-01:07.xfree86
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Jan 2002