Gentoo Archives: gentoo-ppc-dev

From: Seemant Kulleen <seemant@g.o>
To: gentoo-announce@g.o, scoop@×××××××××.net
Subject: [gentooppc-dev] [gentoo-announce] GLSA: ppp
Date: Wed, 31 Jul 2002 09:30:18
Message-Id: 20020731072944.1b7dfcb7.seemant@gentoo.org
- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE         : ppp -- net dialup/point-to-point protocol
SUMMARY         : security vulnerability in symlink creation
DATE            : Wed Jul 31 14:29:24 UTC 2002
- -----------------------------------------------------------------------

OVERVIEW

A race condition exists in the pppd program that may be exploited
in order to change the permissions of an arbitrary file.

DETAIL

>From the FreeBSD report:
The file specified as the tty device is opened by pppd, and the permissions are recorded. If pppd fails to initialize the tty device in some way (such as a failure of tcgetattr(3)), then pppd will then attempt to restore the original permissions by calling chmod(2). The call to chmod(2) is subject to a symlink race, so that the permissions may `restored' on some other file. The full advisory may be found here: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02%3A32.pppd.asc SOLUTION It is recommended that all Gentoo Linux users who are running net-dialup/ppp-2.4.1-r9 and earlier update their systems as follows. emerge rsync emerge ppp - ------------------------------------------------------------------------ aliz@g.o seemant@g.o drobbins@g.o - ------------------------------------------------------------------------ -- Seemant Kulleen Developer and Project Co-ordinator, Gentoo Linux http://www.gentoo.org/~seemant _______________________________________________ gentoo-announce mailing list gentoo-announce@g.o http://lists.gentoo.org/mailman/listinfo/gentoo-announce