From owner-doc-jp@jp.freebsd.org  Sun May 14 21:03:23 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id VAA16773;
	Sun, 14 May 2000 21:03:23 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from smtp01.246.ne.jp (smtp01.246.ne.jp [210.253.192.35])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id VAA16768
	for <doc-jp@jp.freebsd.org>; Sun, 14 May 2000 21:03:23 +0900 (JST)
	(envelope-from y-koga@jp.FreeBSD.org)
Received: (qmail 13039 invoked by alias); 14 May 2000 21:03:23 +0900
Message-ID: <20000514120323.13038.qmail@smtp.246.ne.jp>
Received: (qmail 13029 invoked from network); 14 May 2000 21:03:22 +0900
Received: from tp4hr085.246.ne.jp (HELO localhost) (210.253.193.85)
  by smtp.246.ne.jp with SMTP; 14 May 2000 21:03:22 +0900
To: doc-jp@jp.freebsd.org
In-Reply-To: <200005141025.TAA02352@mail.geocities.co.jp>
References: <20000509192049.5712437BFB7@hub.freebsd.org>
	<200005141025.TAA02352@mail.geocities.co.jp>
X-Mailer: Mew version 1.94.2 on Emacs 19.28 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Sun, 14 May 2000 21:03:20 +0900
From: Koga Youichirou <y-koga@jp.freebsd.org>
X-Dispatcher: imput version 20000228(IM140)
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7378
Subject: [doc-jp 7378] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:17.libmytinfo
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: y-koga@jp.freebsd.org

Hiroki Sato <hrs@geocities.co.jp>:
>  00:17 $B$NK]Lu$G$9!#(B

$B$Q$A$Q$A$Q$A!y(B

> =============================================================================
> FreeBSD-SA-00:17                                            Security Advisory
> II.  $BLdBj$N>\:Y(B - Problem Description
> 
> libmytinfo allows users to specify an alternate termcap file or entry
> via the TERMCAP environment variable,
> libmytinfo $B$rMxMQ$9$k$3$H$G(B, $B%f!<%6$OBeBX$N(B termcap $B%U%!%$%k$d(B
> TERMCAP $B4D6-JQ?t$r;H$C$?%(%s%H%j$N;XDj$,2DG=$K$J$j$^$9(B.

via the ... $B$O(B an alternate termcap file or entry $B$K$+$+$j$^$9!#(B

> III. $B1F6AHO0O(B - Impact
> 
> Certain setuid/setgid third-party software (including FreeBSD
> ports/packages) may be vulnerable to a local exploit yielding
> privileged resources,
> setuid/setgid $B$5$l$?(B (FreeBSD ports/packages $B$r4^$`(B)$B%5!<%I%Q!<%F%#@=(B
> $B%=%U%H%&%'%"$O(B, $BFC8"$rI,MW$H$9$k%j%=!<%9$r%m!<%+%k$+$i0-MQ$G$-$k$H$$$&(B
> $B%;%-%e%j%F%#>e$N<eE@$H$J$k2DG=@-$,$"$j$^$9(B.

certain $B$rLu=P$7$J$$$H(B all $B$r0UL#$9$k$h$&$GJQ$G$9!#(B
----
$B$3$,$h$&$$$A$m$&(B
