From owner-doc-jp@jp.freebsd.org  Sun Sep  3 09:24:34 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id JAA86971;
	Sun, 3 Sep 2000 09:24:34 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from sv01.geocities.co.jp (sv01.geocities.co.jp [210.153.89.155])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id JAA86966
	for <doc-jp@jp.freebsd.org>; Sun, 3 Sep 2000 09:24:34 +0900 (JST)
	(envelope-from hrs@geocities.co.jp)
Received: from mail.geocities.co.jp (mail.geocities.co.jp [210.153.89.137]) by sv01.geocities.co.jp (8.9.3+3.2W/3.7W) with ESMTP id JAA06377 for <doc-jp@jp.freebsd.org>; Sun, 3 Sep 2000 09:24:34 +0900 (JST)
Received: from mail.hrs.jp (sutnmax1-ppp17.ed.noda.sut.ac.jp [133.31.173.27]) by mail.geocities.co.jp (1.3G-GeocitiesJ-3.3) with ESMTP id JAA27975 for <doc-jp@jp.freebsd.org>; Sun, 3 Sep 2000 09:24:31 +0900 (JST)
Message-Id: <200009030024.JAA27975@mail.geocities.co.jp>
Received: from localhost (alph.hrs.jp [192.168.0.10])
	by mail.hrs.jp (8.9.3/3.7W/DomainMaster) with ESMTP id JAA09978
	for <doc-jp@jp.freebsd.org>; Sun, 3 Sep 2000 09:10:11 +0900 (JST)
	(envelope-from hrs@hrs.jp)
To: doc-jp@jp.freebsd.org
In-Reply-To: <20000828194318.AE08D37B440@hub.freebsd.org>
References: <20000828194318.AE08D37B440@hub.freebsd.org>
X-Mailer: Mew version 1.94.1 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Sun, 03 Sep 2000 09:10:10 +0900
From: Hiroki Sato <hrs@geocities.co.jp>
X-Dispatcher: imput version 990905(IM130)
Lines: 182
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7659
Subject: [doc-jp 7659] Re: ANNOUNCE: FreeBSD Ports Security Advisory:
 FreeBSD-SA-00:40.mopd
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@geocities.co.jp

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 FreeBSD-SA-00:40.mopd $B$NK]Lu$G$9!#(B



 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:40.mopd
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Mon, 28 Aug 2000 12:43:18 -0700 (PDT)
  Message-Id: <20000828194318.AE08D37B440@hub.freebsd.org>
  X-Sequence: announce-jp 512

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B(doc-jp)$B$,;29M$N(B
 $B$?$a$KDs6!$9$k$b$N$G(B, doc-jp $B$O(B $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B.
 $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-00:40                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:       mopd port allows remote root compromise

$BJ,N`(B:           ports
$B%b%8%e!<%k(B:     mopd
$B9pCNF|(B:         2000-08-28
$B%/%l%8%C%H(B:     Matt Power <mhpower@MIT.EDU>, OpenBSD
$B1F6AHO0O(B:       Ports collection prior to the correction date.
                $B=$@5F|0JA0$N(B Ports Collection
$B=$@5F|(B:         2000-08-09
$B%Y%s%@$NBP1~(B:   Contacted
                $BO"Mm:Q$_(B
FreeBSD $B$K8GM-$+(B:   NO

I.   $BGX7J(B - Background

mopd is used for netbooting older DEC machines such as VAXen and
DECstations.

mopd $B$O(B VAX $B%7%j!<%:$d(B DECstations $B$J$I$N8E$$(B DEC $B%^%7%s$r(B
$B%M%C%H%o!<%/7PM3$G5/F0$9$k$?$a$K;H$o$l$k%=%U%H%&%'%"$G$9(B.

II.  $BLdBj$N>\:Y(B - Problem Description

The mopd port contains several remotely exploitable
vulnerabilities. An attacker exploiting these can execute arbitrary
code on the local machine as root.

mopd $B$N(B port $B$K$O(B, $B%j%b!<%H$+$i0-MQ$5$l$k4m81@-$N$"$k(B
$B%;%-%e%j%F%#>e$N<eE@$,4^$^$l$F$$$^$9(B.  $B967b<T$O$=$l$i$r0-MQ$7(B,
$B%m!<%+%k%^%7%s>e$N(B root $B8"8B$GG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9(B.

The mopd port is not installed by default, nor is it "part of FreeBSD"
as such: it is part of the FreeBSD ports collection, which contains
over 3700 third-party applications in a ready-to-install format. The
ports collections shipped with FreeBSD 3.5-RELEASE and 4.1-RELEASE
contain this problem, since it was discovered after the releases.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

mopd $B$N(B port $B$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B,
FreeBSD $B%7%9%F%`$N0lIt$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B. $B$=$l$i$O(B
3700 $B$r1[$($k%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$,$9$0$K(B
$B%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B FreeBSD Ports Collection $B$N0lIt$G$9(B.
$B%j%j!<%98e$KLdBj$,8+$D$+$C$?$?$a(B, FreeBSD 3.5-RELEASE $B$*$h$S(B 4.1-RELEASE
$B$H$H$b$K=P2Y$5$l$?(B Ports Collection $B$O$3$NLdBj$r4^$s$G$$$^$9(B.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$F(B
$BBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B.

III. $B1F6AHO0O(B - Impact

Remote users can execute arbitrary code on the local machine as root.

$B%j%b!<%H%f!<%6$O%m!<%+%k%^%7%s>e$N(B root $B8"8B$GG$0U$N%3!<%I$r(B
$B<B9T$9$k$3$H$,2DG=$G$9(B.

If you have not chosen to install the mopd port/package, then your
system is not vulnerable to this problem.

mopd $B$N(B port $B$b$7$/$O(B package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B,
$B%7%9%F%`$K$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.

IV.  $B=$@5=hCV(B - Workaround

One of the following:
$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Deinstall the mopd port/package, if you have installed it.
mopd $B$N(B port/package $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$O(B,
$B$=$l$r%7%9%F%`$+$i:o=|$7$F$/$@$5$$(B. 

2) Restrict access to the mopd port using a perimeter firewall, or
ipfw(8)/ipf(8) on the local machine. Note that users who pass these
access restrictions may still exploit the vulnerability.

2) $B%U%!%$%"%&%)!<%k$d(B ipfw(8)/ipf(8) $B$r%m!<%+%k%^%7%s$G;H$$(B,
   mopd port $B$X$N%"%/%;%9$r@)8B$7$F$/$@$5$$(B.  $B$^$?(B,
   ($BLuCm(B: $B%"%/%;%9@)8B$r9T$J$C$?$H$7$F$b(B) $B$3$N%"%/%;%9@)8B$r(B
   $BDL2a$7$?%f!<%6$K$h$C$F(B, $B$3$N<eE@$,0-MQ$5$l$k4m81@-$,$"$k$3$H$K(B
   $BCm0U$9$kI,MW$,$"$j$^$9(B.

V.   $BBP1~:v(B - Solution

One of the following:
$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Upgrade your entire ports collection and rebuild the mopd port.

1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, mopd $B$N(B port $B$r:F9=C[$7$^$9(B.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mopd-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/mopd-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/mopd-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/mopd-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/mopd-1.2b.tgz

NOTE: Be sure to check the file creation date on the package, because
the version number of the software has not changed.

2) $B8E$$(B ($BLuCm(B: mopd $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B, $B=$@5F|0J9_$K(B
   $B:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F%$%s%9%H!<%k$7$^$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mopd-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/mopd-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/mopd-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/mopd-1.2b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/mopd-1.2b.tgz

NOTE: Be sure to check the file creation date on the package, because
the version number of the software has not changed.

$BCm0U(B: $B%=%U%H%&%'%"$N%P!<%8%g%sHV9f$OJQ99$5$l$F$$$^$;$s$N$G(B,
      package $B%U%!%$%k$N:n@.F|;~$,9g$C$F$$$k$+3NG'$9$k$h$&$K$7$F$/$@$5$$(B.

3) download a new port skeleton for the mopd port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

3) mopd port $B$N?7$7$$(B port $B%9%1%k%H%s$r0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B,
   $B$=$l$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
