From owner-doc-jp@jp.freebsd.org  Sat Apr 22 16:32:33 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id QAA68620;
	Sat, 22 Apr 2000 16:32:33 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from sv01.geocities.co.jp (sv01.geocities.co.jp [210.153.89.155])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id QAA68613
	for <doc-jp@jp.freebsd.org>; Sat, 22 Apr 2000 16:32:32 +0900 (JST)
	(envelope-from hrs@geocities.co.jp)
Received: from mail.geocities.co.jp (mail.geocities.co.jp [210.153.89.137]) by sv01.geocities.co.jp (8.9.3+3.2W/3.7W) with ESMTP id QAA03653 for <doc-jp@jp.freebsd.org>; Sat, 22 Apr 2000 16:32:32 +0900 (JST)
Received: from mail.hrs.jp (sutkmax2-ppp28.ed.kagu.sut.ac.jp [133.31.177.94]) by mail.geocities.co.jp (1.3G-GeocitiesJ-3.3) with ESMTP id QAA04067 for <doc-jp@jp.freebsd.org>; Sat, 22 Apr 2000 16:32:27 +0900 (JST)
Message-Id: <200004220732.QAA04067@mail.geocities.co.jp>
Received: from localhost (alph.hrs.jp [192.168.0.10])
	by mail.hrs.jp (8.9.3/3.7W/DomainMaster) with ESMTP id QAA22646
	for <doc-jp@jp.freebsd.org>; Sat, 22 Apr 2000 16:28:53 +0900 (JST)
	(envelope-from hrs@hrs.jp)
To: doc-jp@jp.freebsd.org
In-Reply-To: <20000419212638.D585837BD34@hub.freebsd.org>
References: <20000419212638.D585837BD34@hub.freebsd.org>
X-Mailer: Mew version 1.94 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Sat, 22 Apr 2000 16:28:52 +0900
From: Hiroki Sato <hrs@geocities.co.jp>
X-Dispatcher: imput version 990905(IM130)
Lines: 152
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7308
Subject: [doc-jp 7308] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:13.generic-nqs
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@geocities.co.jp

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 SA-00:13.generic-nqs $B$NK]Lu$G$9!#(B

===================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:13.generic-nqs
  From: FreeBSD Security Officer <security-officer@freebsd.org>
  Date: Wed, 19 Apr 2000 14:26:38 -0700 (PDT)
  Message-Id: <20000419212638.D585837BD34@hub.freebsd.org>
  X-Sequence: announce-jp 418

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B(doc-jp)$B$,;29M$N(B
 $B$?$a$KDs6!$9$k$b$N$G(B, doc-jp $B$O(B $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B.
 $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B doc-jp@jp.freebsd.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-00:13                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	generic-nqs contains a local root compromise

$BJ,N`(B:           ports
$B%b%8%e!<%k(B:     generic-nqs
$B9pCNF|(B:         2000-04-19
$B%/%l%8%C%H(B:	Philippe Andersson <philippe_andersson@STE.SCITEX.COM>
		(BugTraq ML $B$h$j(B)
$B1F6AHO0O(B:       $B=$@5F|0JA0$N(B Ports collection
$B=$@5F|(B:         2000-04-16
$B%Y%s%@$NBP1~(B:	$B99?7HG$,8x3+:Q$_(B
FreeBSD $B$K8GM-$+(B:   NO

I.   $BGX7J(B - Background

Generic-NQS is a Network Queuing System for batch-processing jobs across
multiple machines.

Generic-NQS $B$O!"%8%g%V$N%P%C%A=hM}$rJ#?t%^%7%s4V$G<B8=$9$k$?$a$N(B
$B%M%C%H%o!<%/%-%e!<%7%9%F%`$G$9!#(B

II.  $BLdBj$N>\:Y(B - Problem Description

Generic-NQS versions 3.50.7 and earlier contain a security vulnerability
which allow a local user to easily obtain root privileges. Unfortunately,
further details of the location and nature of the vulnerability were not
provided by the original poster, upon request of the Generic-NQS
developers.

3.50.7 $B$r4^$`!"$=$l0JA0$N%P!<%8%g%s$N(B Generic-NQS $B$K$O!"(B
$B%m!<%+%k%f!<%6$,MF0W$K(B root $B8"8B$rF@$k$3$H$,$G$-$k$H$$$&(B
$B%;%-%e%j%F%#>e$N<eE@$,B8:_$7$^$9!#(BGeneric-NQS $B$N3+H/<TC#$O!"(B
$BLdBj$,$"$k$N$O$I$NItJ,$J$N$+!"$=$l$,$I$&$$$C$?<oN`$N$b$N$J$N$+(B
$B$H$$$&FbMF$r>pJsDs6!<T$K5a$a$^$7$?$,!";DG0$J$3$H$K!"$=$N$h$&$J(B
$B>\$7$$>pJs$ODs6!$5$l$^$;$s$G$7$?!#(B

The generic-nqs port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 3200 third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.0 contains this
problem since it was discovered after the release.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

generic-nqs $B$N(B port $B$O(B, $B%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B, 
FreeBSD $B%7%9%F%`$N0lIt$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.  $B$=$l$O(B, 3200 $B$r(B
$BD6$($k%5!<%I%Q!<%F%#@=$N%"%W%j%1!<%7%g%s$,$9$0$K%$%s%9%H!<%k$G$-$k7A$G(B
$B<}$a$i$l$F$$$k(B FreeBSD Ports Collection $B$N0lIt$G$9(B.  $B$3$N%;%-%e%j%F%#>e$N(B
$B<eE@$,H/8+$5$l$?$N$,%j%j!<%9;~E@$h$j8e$G$"$C$?$3$H$+$i(B, FreeBSD 4.0 $B$K(B
$B4^$^$l$k(B Ports Collection $B$K$b(B, $B$3$NLdBj$,B8:_$7$^$9(B.  

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#LdBj$K(B
$BBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B($BLuCm(B: Ports Collection $B$KF~$C$F(B
$B$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,0BA4$G$"$k$H(B
$BI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$FBg$-$J1F6A$r(B
$B;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B, $B8=:_EXNOCf$G$9(B. 

III. $B1F6AHO0O(B - Impact

A local user can obtain root privileges by exploiting a vulnerability
in the generic-nqs package.

$B%m!<%+%k%f!<%6$O!"(Bgeneric-nqs $B$N(B package $B$K4^$^$l$k%;%-%e%j%F%#>e$N(B
$B<eE@$r0-MQ$9$k$3$H$G(B root $B8"8B$rF@$k$3$H$,2DG=$G$9!#(B

If you have not chosen to install the generic-nqs port/package, then your
system is not vulnerable to this problem.

generic-nqs $B$N(B port $B$b$7$/$O(B package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B, $B$=$N(B
$B%7%9%F%`$K(B, $B$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.  

IV.  $BBP1~:v(B - Workaround

Remove the generic-nqs port, if you you have installed it.

generic-nqs $B$N(B port $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$K$O(B, $B$=$l$r:o=|$7$F$/$@$5$$(B.

V.   $B=$@5=hCV(B - Solution

1) Upgrade your entire ports collection and rebuild the generic-nqs port.

1) Ports Collection $BA4BN$r99?7$7$F(B, generic-nqs $B$N(B port $B$r:F%3%s%Q%$%k$9$k(B.  

2) Reinstall a new package dated after the correction date, obtained from:

Note that it may be a few days before the updated package is available.

2) $B0J2<$N>l=j$+$i(B, $B=$@5F|$h$j8e$K:n@.$5$l$??7$7$$(B package $B$rF~<j$7$F(B
   $B:F%$%s%9%H!<%k$9$k(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/generic-nqs-3.50.9.tgz

   $B99?7$5$l$?(B package $B$,MxMQ$G$-$k$h$&$K$J$k$^$G!"?tF|$+$+$k(B
   $B2DG=@-$,$"$j$^$9!#$4Cm0U2<$5$$!#(B

3) download a new port skeleton for the generic-nqs port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

3) $B0J2<$N>l=j$+$i(B generic-nqs $B$N(B $B?7$7$$(B port $B%9%1%k%H%s$r%@%&%s%m!<%I$7(B, 
   $B$=$l$rMxMQ$7$F(B generic-nqs $B$N(B port $B$r:F%3%s%Q%$%k$9$k(B.  

http://www.freebsd.org/ports/

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

4) portcheckout $B%f!<%F%#%j%F%#$r;H$&$H(B, $B>e5-(B (3) $B$r<+F0E*$K(B
   $B9T$J$&$3$H$,$G$-$^$9(B.  portcheckout $B$O(B,
   /usr/ports/devel/portcheckout $B$d(B, $B0J2<$N>l=j$+$iF~<j2DG=$G$9(B. 

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
