-----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------
PACKAGE : ppp -- net dialup/point-to-point protocol
SUMMARY : security vulnerability in symlink creation
DATE : Wed Jul 31 14:29:24 UTC 2002
-----------------------------------------------------------------------

OVERVIEW

A race condition exists in the pppd program that may be exploited
in order to change the permissions of an arbitrary file.

DETAIL

From the FreeBSD report:

The file specified as the tty device is opened by pppd, and the
permissions are recorded. If pppd fails to initialize the tty device in
some way (such as a failure of tcgetattr(3)), then pppd will then attempt
to restore the original permissions by calling chmod(2). The call to
chmod(2) is subject to a symlink race, so that the permissions may be
`restored' on some other file.

The full advisory may be found here:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02%3A32.pppd.asc

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-dialup/ppp-2.4.1-r9 and earlier update their systems as follows.

emerge rsync
emerge ppp

------------------------------------------------------------------------
aliz@g.o
seemant@g.o
drobbins@g.o
------------------------------------------------------------------------

--
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux http://www.gentoo.org/~seemant
_______________________________________________
gentoo-announce mailing list
gentoo-announce@g.o
http://lists.gentoo.org/mailman/listinfo/gentoo-announce
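
The restore step described under DETAIL, as an added example (not code from pppd, FreeBSD or Gentoo): restoring a mode by name with chmod(2) follows whatever the name refers to at that moment, while fchmod(2) on the descriptor opened earlier stays bound to the original file. The temp directory, the file names `tty` and `other`, and all function names are constructed for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path-based restore (the pattern the advisory describes): chmod(2)
 * resolves the name again and follows a symlink found in its place. */
static int restore_by_path(const char *path, mode_t mode) { return chmod(path, mode); }

/* Descriptor-based restore: fchmod(2) acts on the inode opened earlier,
 * whatever the name points to now. */
static int restore_by_fd(int fd, mode_t mode) { return fchmod(fd, mode); }

/* Constructed scenario in a private temp dir. "tty" stands in for the device
 * node and "other" for an unrelated 0600 file. Returns the permission bits of
 * "other" after the restore step (0600 means untouched), or -1 on error. */
int other_mode_after_restore(int use_fd) {
    char dir[] = "/tmp/glsa-ppp-XXXXXX", tty[64], other[64];
    struct stat st;
    int result = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(tty, sizeof tty, "%s/tty", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    int fd = open(tty, O_CREAT | O_RDWR, 0666);
    int ofd = open(other, O_CREAT | O_RDWR, 0600);
    if (fd >= 0 && ofd >= 0 && fchmod(fd, 0666) == 0 && fchmod(ofd, 0600) == 0
        && fstat(fd, &st) == 0                             /* record permissions */
        && unlink(tty) == 0 && symlink(other, tty) == 0) { /* name now points elsewhere */
        mode_t saved = st.st_mode & 07777;
        if (use_fd) restore_by_fd(fd, saved);
        else restore_by_path(tty, saved);
        if (stat(other, &st) == 0) result = (int)(st.st_mode & 07777);
    }
    if (fd >= 0) close(fd);
    if (ofd >= 0) close(ofd);
    unlink(tty); unlink(other); rmdir(dir);
    return result;
}

int main(void) {
    printf("chmod(path): other is now %04o\n", (unsigned)other_mode_after_restore(0));
    printf("fchmod(fd):  other is now %04o\n", (unsigned)other_mode_after_restore(1));
    return 0;
}
```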