exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

95-06

95-06
Posted Sep 23, 1999

95-06

SHA-256 | 335f2678299e106f2a19b865b09f663aba2b042dd9c529d001ccf3273fed843f

95-06

Change Mirror Download
=============================================================================
AA-95.06 AUSCERT Advisory
15 June, 1995
S/Key Vulnerability in Logdaemon and FreeBSD
-----------------------------------------------------------------------------

AUSCERT has received the following advice from Wietse Venema concerning a
vulnerability in the S/Key implementation found in Logdaemon and FreeBSD.

Users of these packages are strongly advised to take remedial action as
soon as possible. Please contact Wietse Venema if you have any questions
or need further information.

Topic: Logdaemon/FreeBSD vulnerability in S/Key
Source: Wietse Venema (wietse@wzv.win.tue.nl)

========================FORWARDED TEXT STARTS HERE============================

A vulnerability exists in my own S/Key software enhancements. Since
these enhancements are in wide-spread use, a public announcement is
appropriate. The vulnerability affects the following products:

FreeBSD version 1.1.5.1
FreeBSD version 2.0
logdaemon versions before 4.9

I recommend that users of this software follow the instructions given
below in section III.

-----------------------------------------------------------------------------

I. Description

An obscure oversight was found in software that I derived from
the S/Key software from Bellcore (Bell Communications Research).
Analysis revealed that my oversight introduces a vulnerability.

Note: the vulnerability is not present in the original S/Key
software from Bellcore.

II. Impact

Unauthorized users can gain privileges of other users, possibly
including root.

The vulnerability can be exploited only by users with a valid
account. It cannot be exploited by arbitrary remote users.

The vulnerability can affect all FreeBSD 1.1.5.1 and FreeBSD 2.0
implementations and all Logdaemon versions before 4.9. The problem
exists only when S/Key logins are supported (which is the default
for FreeBSD). Sites with S/Key logins disabled are not vulnerable.

III. Solution

Logdaemon users:
================
Upgrade to version 4.9

URL ftp://ftp.win.tue.nl/pub/security/logdaemon-4.9.tar.gz.
MD5 checksum 3d01ecc63f621f962a0965f13fe57ca6

To plug the hole, build and install the ftpd, rexecd and login
programs. If you installed the keysu and skeysh commands, these
need to be replaced too.

FreeBSD 1.1.5.1 and FreeBSD 2.0 users:
======================================
Retrieve the corrected files that match the system you are
running:

URL ftp://ftp.cdrom.com/pub/FreeBSD/CERT/libskey-1.1.5.1.tgz
MD5 checksum bf3a8e8e10d63da9de550b0332107302

URL ftp://ftp.cdrom.com/pub/FreeBSD/CERT/libskey-2.0.tgz
MD5 checksum d58a17f4216c3ee9b9831dbfcff93d29

Unpack the tar archive and follow the instructions in the
README file.

FreeBSD current users:
======================
Update your /usr/src/lib/libskey sources and rebuild and
install libskey (both shared and non-shared versions).

The vulnerability has been fixed with FreeBSD 2.0.5.

-----------------------------------------------------------------------------

S/KEY is a trademark of Bellcore (Bell Communications Research).

Wietse Venema appreciates helpful assistance with the resolution of
this vulnerability from CERT/CC; Rodney W. Grimes, FreeBSD Core Team
Member; Guido van Rooij, Philips Communication and Processing Services;
Walter Belgers.



=========================FORWARDED TEXT ENDS HERE=============================

----------------------------------------------------------------------------

If you believe that your system has been compromised, contact AUSCERT or your
representative in FIRST (Forum of Incident Response and Security Teams).

AUSCERT is the Australian Computer Emergency Response Team, funded by the
Australian Academic Research Network (AARNet) for its members. It is
located at The University of Queensland within the Prentice Centre.
AUSCERT is a full member of the Forum of Incident Response and Security
Teams (FIRST).

AUSCERT maintains an anonymous FTP service which is found on:
ftp://ftp.auscert.org.au. This archive contains past SERT and AUSCERT
Advisories, and other computer security information.

AUSCERT also maintains a World Wide Web service which is found on:
http://www.auscert.org.au.

Internet Email: auscert@auscert.org.au
Facsimile: (07) 365 4477
Telephone: (07) 365 4417 (International: +61 7 365 4417)
AUSCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.

Postal:
Australian Computer Emergency Response Team
c/- Prentice Centre
The University of Queensland
Brisbane
Qld. 4072.
AUSTRALIA

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close