From owner-doc-jp@jp.freebsd.org  Sat Mar 25 10:40:11 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id KAA65110;
	Sat, 25 Mar 2000 10:40:11 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from smtp04.246.ne.jp (smtp04.246.ne.jp [210.253.192.38])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id KAA65105
	for <doc-jp@jp.freebsd.org>; Sat, 25 Mar 2000 10:40:10 +0900 (JST)
	(envelope-from y-koga@jp.FreeBSD.org)
Received: (qmail 13918 invoked by alias); 25 Mar 2000 10:40:10 +0900
Message-ID: <20000325014010.13917.qmail@smtp.246.ne.jp>
Received: (qmail 13908 invoked from network); 25 Mar 2000 10:40:09 +0900
Received: from tp4hr152.246.ne.jp (HELO localhost) (210.253.193.152)
  by smtp.246.ne.jp with SMTP; 25 Mar 2000 10:40:09 +0900
To: doc-jp@jp.freebsd.org
In-Reply-To: <200003231425.XAA19729@mail.geocities.co.jp>
References: <20000315173757.8949337BEBE@hub.freebsd.org>
	<200003231425.XAA19729@mail.geocities.co.jp>
X-Mailer: Mew version 1.94.2 on Emacs 19.28 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Sat, 25 Mar 2000 10:40:10 +0900
From: Koga Youichirou <y-koga@jp.freebsd.org>
X-Dispatcher: imput version 20000228(IM140)
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7219
Subject: [doc-jp 7219] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:10.orville-write
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: y-koga@jp.freebsd.org

Hiroki Sato <hrs@geocities.co.jp>:
>  SA-00:10.orville.write $B$NF|K\8lLu$G$9!#(B

$B$Q$A$Q$A$Q$A!y(B

> =============================================================================
> FreeBSD-SA-00:10                                           Security Advisory
>                                                                 FreeBSD, Inc.
$B!D(B $B$5$/$C$HN,(B $B!D(B
> II.  $BLdBj$N>\:Y(B - Problem Description
> 
> One of the commands installed by the port is incorrectly installed
> with setuid root permissions.
> $B$3$N(B port $B$G%$%s%9%H!<%k$5$l$k%3%^%s%I$N$R$H$D$K!"(Broot $B$G(B setuid $B$5$l$?(B
> $B5v2DB0@-$GIT@5$K%$%s%9%H!<%k$5$l$F$7$^$&$b$N$,$"$j$^$9!#(B

$B!VITE,@Z$K!W$+$J!#(B

> The 'huh' command should not have any
> special privileges since it is intended to be run by the local user to
> view his saved messages.
> 'huh' $B%3%^%s%I$O%m!<%+%k%f!<%6$,5-O?$5$l$?<+J,$N%a%C%;!<%8$r(B
> $B1\Mw$9$kL\E*$G<B9T$9$k$h$&@_7W$5$l$F$$$k$?$a!"(B
> $BK\Mh!"FCJL$J8"8B$r;}$D$Y$-$b$N$G$O$"$j$^$;$s!#(B

$B!V!A$O!A$,!A$5$l$?!A$r!A$9$kL\E*$G!A$9$k$h$&@_7W$5$l$F$$$k$?$a!"!W(B
$B=gHV!"=u;l!"FIE@$J$I$r8+D>$7$?J}$,$$$$$H;W$$$^$9!#(B

> III. $B1F6AHO0O(B - Impact
> 
> A local user can exploit a buffer overflow in the 'huh' utility to
> obtain root privileges.
> $B%m!<%+%k%f!<%6$O!"(B'huh' $B%f!<%F%#%j%F%#$KB8:_$9$k%P%C%U%!%*!<%P%U%m!<LdBj$r(B
> exploit $B$9$k$3$H$G!"(Broot $B8"8B$rF@$k$3$H$,$G$-$^$9!#(B

exploit $BLu=P!#(B

> IV.  $BBP1~:v(B - Workaround
> 
> Remove the orville-write port if you have installed it.
> orville-write $B$N(B port $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$K$O!"(B
> $B$=$l$r:o=|$7$F2<$5$$!#(B

$B!V2<$5$$!W"*!V$/$@$5$$!W(B
$B0J2<F1MM!#(B
----
$B$3$,$h$&$$$A$m$&(B
